
SANS ISC: CA iGateway debug mode HTTP GET request bo vulnerability/exploit

Computer Associates has an announcement concerning an "iGateway debug mode HTTP GET request buffer overflow vulnerability" that says "Remote attackers can execute arbitrary code." Exploit code is publicly available. There is no patch available at this moment; the recommended workaround is "do not run iGateway in debug mode." The Computer Associates announcement references CA iGateway 3.0 and CA iGateway 4.0.
Patrick
