CA Console Server username buffer overflow

Added: 05/25/2007
CVE: CVE-2007-2522
BID: 23906
OSVDB: 34585

Background

Multiple CA products include the inoweb Console Server, which listens for connections on port 12168/TCP.

Problem

A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a long, specially crafted username to the inoweb service.

Resolution

Use the product's automatic content update feature to fix the vulnerability as recommended in the CA Security Notice.

References

http://archives.neohapsis.com/archives/bugtraq/2007-05/0175.html

Limitations

Exploit works on CA eTrust Integrated Threat Management r8.

Platforms

Windows
