CVE-2005-3653: Buffer Overflow
First published: Sat Dec 31 2005(Updated: )
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Broadcom ARCserve Backup | =9.01 | |
| Broadcom ARCserve Backup | =11.1 | |
| Broadcom ARCserve Backup | =11.5 | |
| CA ARCserve Backup for Laptops and Desktops | =11.0 | |
| CA ARCserve Backup for Laptops and Desktops | =11.1 | |
| Broadcom BrightStor Portal | =11.1 | |
| Broadcom BrightStor Process Automation Manager | =11.1 | |
| Broadcom BrightStor SAN Manager | =11.1 | |
| Broadcom BrightStor SAN Manager | =11.5 | |
| Broadcom BrightStor Storage Resource Manager | =6.3 | |
| Broadcom BrightStor Storage Resource Manager | =6.4 | |
| Broadcom BrightStor Storage Resource Manager | =11.1 | |
| Broadcom BrightStor Storage Resource Manager | =11.5 | |
| Broadcom eTrust Admin | =8.1 | |
| Broadcom eTrust Audit Aries | =8.0 | |
| Broadcom eTrust Audit Policy Manager | =1.5-sp2 | |
| Broadcom eTrust Audit Policy Manager | =1.5-sp3 | |
| Broadcom eTrust Audit Policy Manager | =8.0 | |
| Broadcom CA IdentityMinder | =8.0 | |
| Broadcom CA Threat Manager | =8.0 | |
| Broadcom iGateway | <=4.0.050615 | |
| Broadcom Unicenter Asset Portfolio Management | =11.0 | |
| Broadcom Unicenter AutoSys Job Management | =11.0 | |
| Broadcom Unicenter Service Delivery | =11.0 | |
| Broadcom Service Desk | =11.0 | |
| Broadcom Unicenter Service Desk Knowledge Tools | =11.0 | |
| Oracle Service Fulfillment Manager | =2.2 | |
| Broadcom Unicenter Service Metric Analysis | =11.0 | |
| CA ARCserve Backup for Laptops and Desktops | =11 | |
| Broadcom BrightStor Enterprise Backup | =10.0 | |
| Broadcom BrightStor Enterprise Backup | =10.5 | |
| Broadcom BrightStor Enterprise Backup | =10.5 | |
| Broadcom BrightStor Enterprise Backup | =10.5 | |
| Broadcom eTrust Audit Aries | =1.5-sp2 | |
| Broadcom eTrust Audit Aries | =1.5-sp3 | |
| CA eTrust Directory | =8.1_web_components | |
| Broadcom Secure Content Manager | =8.0 | |
| Broadcom Unicenter Application Performance Monitor | =11.0 | |
| CA Unicenter Application Server Management | =11.0 | |
| CA Unicenter Web Services Distributed Management | =11.0 | |
| CA Unicenter Exchange Management Console | =11.0 | |
| Broadcom Unicenter Management Portal | =3.5 | |
| Broadcom Unicenter Management Portal | =11.0 | |
| Broadcom Unicenter Management Portal | =11.0 | |
| Broadcom CA Unicenter Service Catalog Fulfillment Accounting | =11.0 | |
| Broadcom Unicenter Service Fulfillment | =11.0 | |
| Broadcom CA Service Level Management | =11.0 | |
| CA Unicenter DSM Agent | =11.0 | |
| CA Unicenter Web Services Distributed Management | =11.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
- http://www.osvdb.org/22688
- http://www.securityfocus.com/bid/16354
- http://securitytracker.com/id?1015526
- http://secunia.com/advisories/18591
- http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.asp
- http://securityreason.com/securityalert/380
- http://www.vupen.com/english/advisories/2006/0311
- http://marc.info/?l=full-disclosure&m=113803349715927&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24269
- http://www.securityfocus.com/archive/1/423403/100/0/threaded
- http://www.securityfocus.com/archive/1/423288/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2005-3653?
CVE-2005-3653 has a high severity rating due to the potential for remote code execution.
How do I fix CVE-2005-3653?
To fix CVE-2005-3653, update to a version of iTechnology iGateway that is later than 4.0.051230.
What type of attack does CVE-2005-3653 enable?
CVE-2005-3653 enables remote attackers to execute arbitrary code through specially crafted HTTP requests.
Which products are affected by CVE-2005-3653?
CVE-2005-3653 affects various Computer Associates (CA) iTechnology products, particularly versions of iGateway prior to 4.0.051230.
Is there a workaround for CVE-2005-3653 if I cannot update?
As a workaround for CVE-2005-3653, consider restricting access to the iGateway service or implementing a firewall rule to block untrusted HTTP requests.
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/references
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/weakness
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/broadcom
- canonical/broadcom arcserve backup
- version/broadcom arcserve backup/9.01
- version/broadcom arcserve backup/11.1
- version/broadcom arcserve backup/11.5
- canonical/ca arcserve backup for laptops and desktops
- version/ca arcserve backup for laptops and desktops/11.0
- version/ca arcserve backup for laptops and desktops/11.1
- canonical/broadcom brightstor portal
- version/broadcom brightstor portal/11.1
- canonical/broadcom brightstor process automation manager
- version/broadcom brightstor process automation manager/11.1
- canonical/broadcom brightstor san manager
- version/broadcom brightstor san manager/11.1
- version/broadcom brightstor san manager/11.5
- canonical/broadcom brightstor storage resource manager
- version/broadcom brightstor storage resource manager/6.3
- version/broadcom brightstor storage resource manager/6.4
- version/broadcom brightstor storage resource manager/11.1
- version/broadcom brightstor storage resource manager/11.5
- canonical/broadcom etrust admin
- version/broadcom etrust admin/8.1
- canonical/broadcom etrust audit aries
- version/broadcom etrust audit aries/8.0
- canonical/broadcom etrust audit policy manager
- version/broadcom etrust audit policy manager/1.5-sp2
- version/broadcom etrust audit policy manager/1.5-sp3
- version/broadcom etrust audit policy manager/8.0
- canonical/broadcom ca identityminder
- version/broadcom ca identityminder/8.0
- canonical/broadcom ca threat manager
- version/broadcom ca threat manager/8.0
- canonical/broadcom igateway
- version/broadcom igateway/4.0.050615
- canonical/broadcom unicenter asset portfolio management
- version/broadcom unicenter asset portfolio management/11.0
- canonical/broadcom unicenter autosys job management
- version/broadcom unicenter autosys job management/11.0
- canonical/broadcom unicenter service delivery
- version/broadcom unicenter service delivery/11.0
- canonical/broadcom service desk
- version/broadcom service desk/11.0
- canonical/broadcom unicenter service desk knowledge tools
- version/broadcom unicenter service desk knowledge tools/11.0
- canonical/oracle service fulfillment manager
- version/oracle service fulfillment manager/2.2
- canonical/broadcom unicenter service metric analysis
- version/broadcom unicenter service metric analysis/11.0
- vendor/ca
- version/ca arcserve backup for laptops and desktops/11
- canonical/broadcom brightstor enterprise backup
- version/broadcom brightstor enterprise backup/10.0
- version/broadcom brightstor enterprise backup/10.5
- version/broadcom etrust audit aries/1.5-sp2
- version/broadcom etrust audit aries/1.5-sp3
- canonical/ca etrust directory
- version/ca etrust directory/8.1_web_components
- canonical/broadcom secure content manager
- version/broadcom secure content manager/8.0
- canonical/broadcom unicenter application performance monitor
- version/broadcom unicenter application performance monitor/11.0
- canonical/ca unicenter application server management
- version/ca unicenter application server management/11.0
- canonical/ca unicenter web services distributed management
- version/ca unicenter web services distributed management/11.0
- canonical/ca unicenter exchange management console
- version/ca unicenter exchange management console/11.0
- canonical/broadcom unicenter management portal
- version/broadcom unicenter management portal/3.5
- version/broadcom unicenter management portal/11.0
- canonical/broadcom ca unicenter service catalog fulfillment accounting
- version/broadcom ca unicenter service catalog fulfillment accounting/11.0
- canonical/broadcom unicenter service fulfillment
- version/broadcom unicenter service fulfillment/11.0
- canonical/broadcom ca service level management
- version/broadcom ca service level management/11.0
- canonical/ca unicenter dsm agent
- version/ca unicenter dsm agent/11.0