|Check Point Reference:||CPAI-2006-177|
|Date Published:||19 Oct 2009|
|Last Updated:||17 Dec 2018|
|Protection Provided by:||
|Who is Vulnerable?|
|Vulnerability Description||Numerous Computer Associates (CA) products incorporate shared components that perform common tasks not specific to any one product. One such component is the CA iGateway service. The iGateway service is an XML-based interface that integrates with storage management applications and facilitates communication between backup servers and a web portal. A heap based buffer overflow exists in the iTechnology iGateway service of multiple Computer Associates' products. The vulnerability is caused due to insufficient boundary checks of the value of the Content-Length header field in received HTTP requests. An unauthenticated remote attacker can exploit the vulnerability to cause a denial of service condition or execute arbitrary code on the target host within the privileges of the running service - System by default. In a simple attack case aimed at creating a denial of service condition, the iGateway server will stop responding to HTTP requests. The process may not terminate after an attack and the target host will still accept TCP connections on port 5250/TCP. Note that the iGateway service functionality will not resume until the proper service is restarted manually. In a more sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature the injected code. Any code injected into the vulnerable component would execute in the security context of the iGateway process, the System user by default on Windows platforms.|
This protection will detect and block attempts to exploit this vulnerability
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.
This protection's log will contain the following information:
Attack Name: Content Protection Violation.
Attack Information: CA iTechnology iGateway service Content-Length buffer