Computer Associates License Service GCR buffer overflow

Added: 07/28/2006
CVE: CVE-2005-0581
BID: 12705
OSVDB: 14389

Background

The License service comes with most Computer Associatesproducts and exchanges license information over ports 10202/tcp and 10203/tcp.

Problem

A buffer overflow vulnerability in the processing of GCR messages allows remote attackers to execute arbitrary commands.

Resolution

Install the patch.

References

http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp
http://www.idefense.com/intelligence/vulnerabilities/display.php?id=214

Limitations

Exploit works on BrightStor ARCserve Backup 11.1.

Platforms

Windows 2000
Windows XP SP0 / Windows XP SP1
Windows XP SP2 / Windows XP
Windows Server 2003
Linux

Back to exploit index