CA iTechnology iGateway Service Content-Length Buffer Overflow

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by a buffer overflow vulnerability.

Description :

The remote host is using CA iTechnology iGateway service, a
software component used in various products from CA.

The version of the iGateway service installed on the remote host
reportedly fails to sanitize Content-Length HTTP header values before
using them to allocate heap memory. An attacker can supply a negative
value, which causes the software to allocate a small buffer, and then
overflow that with a long URI. Successful exploitation of this issue
can lead to a server crash or possibly the execution of arbitrary
code. Note that, under Windows, the server runs with local SYSTEM

See also :

Solution :

Contact the vendor to upgrade to iGateway 4.0.051230 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 7.4
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 20805 (igateway_content_length_overflow.nasl)

Bugtraq ID: 16354

CVE ID: CVE-2005-3653

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now