Computer Associates Alert Notification Server opcode 23 buffer overflow

Added: 04/25/2008
CVE: CVE-2007-4620
BID: 28605
OSVDB: 44040

Background

The Alert Notification Server is included with multiple Computer Associates products to provide notifications to console users.

Problem

The Alert Notification Server is affected by buffer overflow vulnerabilities in multiple RPC operations allowing remote attackers to execute arbitrary commands.

Resolution

Apply one of the updates referenced in the Security Notice.

References

http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=679

Limitations

Exploit works on CA eTrust Antivirus r8 with patch QO89817. Valid Windows credentials are required in order for this exploit to succeed.

Platforms

Windows 2000
Windows Server 2003

Back to exploit index