January 25, 2006 3:03 PM PST
Warning out on serious CA software flaw
- Related Stories
-
CA nabs help-desk software company
January 11, 2006 -
Veritas issues patch for NetBackup flaw
October 13, 2005 -
CA fixes bugs in multiple products
August 22, 2005 -
CA plugs serious hole in backup software
August 3, 2005
A security vulnerability in Computer Associates' iTechnology iGateway service could put systems running the software at risk of serious attacks, experts have warned. A remote attacker could gain complete control over systems on Windows platforms, and other platforms may allow for a denial-of-service attack, according to an advisory posted Tuesday by security intelligence firm French Security Incident Response Team. The FrSIRT rates the issue "critical."
The iTechnology iGateway is part of various Computer Associates products, including BrightStor backup, eTrust security and Unicenter management software. A heap-overflow vulnerability exists because the software fails to perform boundary checks before copying user-supplied data into specific process buffers, according to an advisory on Symantec's DeepSight intelligence service. CA has published a security advisory along with fixes for its products.




