Vulnerability Description
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Brightstor Arcserve Backup | 9.01 |
| Broadcom | Brightstor Arcserve Backup Laptops Desktops | 11.0 |
| Broadcom | Brightstor Portal | 11.1 |
| Broadcom | Brightstor Process Automation Manager | 11.1 |
| Broadcom | Brightstor San Manager | 11.1 |
| Broadcom | Brightstor Storage Resource Manager | 6.3 |
| Broadcom | Etrust Admin | 8.1 |
| Broadcom | Etrust Audit Aries | 8.0 |
| Broadcom | Etrust Audit Irecorder | 1.5 |
| Broadcom | Etrust Identity Minder | 8.0 |
| Broadcom | Etrust Integrated Threat Management | 8.0 |
| Broadcom | Itechnology Igateway | <= 4.0.050615 |
| Broadcom | Unicenter Asset Portfolio Management | 11.0 |
| Broadcom | Unicenter Autosys Jm | 11.0 |
| Broadcom | Unicenter Service Delivery | 11.0 |
| Broadcom | Unicenter Service Desk | 11.0 |
| Broadcom | Unicenter Service Desk Knowledge Tools | 11.0 |
| Broadcom | Unicenter Service Fulfillment | 2.2 |
| Broadcom | Unicenter Service Metric Analysis | 11.0 |
| Ca | Brightstor Arcserve Backup | 11 |
Related Weaknesses (CWE)
References
- http://marc.info/?l=full-disclosure&m=113803349715927&w=2
- http://secunia.com/advisories/18591PatchVendor Advisory
- http://securityreason.com/securityalert/380
- http://securitytracker.com/id?1015526Patch
- http://supportconnectw.ca.com/public/ca_common_docs/igatewaysecurity_notice.aspPatchVendor Advisory
- http://www.idefense.com/intelligence/vulnerabilities/display.php?id=376PatchVendor Advisory
- http://www.osvdb.org/22688Patch
- http://www.securityfocus.com/archive/1/423288/100/0/threaded
- http://www.securityfocus.com/archive/1/423403/100/0/threaded
- http://www.securityfocus.com/bid/16354Patch
- http://www.vupen.com/english/advisories/2006/0311Vendor Advisory
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33778
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24269
- http://marc.info/?l=full-disclosure&m=113803349715927&w=2
- http://secunia.com/advisories/18591PatchVendor Advisory
FAQ
What is CVE-2005-3653?
CVE-2005-3653 is a vulnerability with a CVSS score of 10.0 (HIGH). Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary co...
How severe is CVE-2005-3653?
CVE-2005-3653 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3653?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Brightstor Arcserve Backup, Broadcom Brightstor Arcserve Backup Laptops Desktops, Broadcom Brightstor Portal, Broadcom Brightstor Process Automation Manager, Broadcom Brightstor San Manager.