TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
400
Signature ID: 9034
Computer Associates License Server/Client GETCONFIG Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0581 Bugtraq: 12705
Signature Description: The Computer Associates License Client/Server applications provide a method for CA products
to register their licenses on the network. A buffer overflow vulnerability exists in Computer Associates License
Server/Client versions 1.53 to 1.61.8. The vulnerability specifically exists due to insufficient bounds checking on user-
supplied values in GETCONFIG request/response packets. By constructing specially crafted GETCONFIG
request/response packet by setting the last parameter to a large string and sending it to the license server/client results
in stack overflow. Successful exploitation allows remote attackers to execute arbitrary code under the privileges of
Local System. Administrators are advised to close the ports 10202, 10203 and 10204 for external users.
Signature ID: 9036
Computer Associates License Client PUTOLF Buffer Overflow Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0582 CVE-2005-0581 CVE-2005-0581 Bugtraq: 12705
Signature Description: The Computer Associates License Client/Server applications provide a method for CA products
to register their licenses on the network. A buffer overflow vulnerability exists in Computer Associates License Client
versions 1.53 to 1.61.8. The license file exchange is done by GETOLF and PUTOLF commands. The vulnerability
specifically exists in the way a client parses the PUTOLF requests. By constructing specially crafted PUTOLF request
by setting the name parameter to larger than 252 bytes or last parameter to larger than 525 bytes and sending it to the
license client results in stack overflow. Successful exploitation allows remote attackers to execute arbitrary code under
the privileges of Local System. Administrators are advised to close the ports 10202, 10203 and 10204 for external
users.Directory traversal attempt is also possible.
Signature ID: 9037
Computer Associates License Client PUTOLF Directory Traversal Vulnerability
Threat Level: Severe
Industry ID: CVE-2005-0583 CVE-2005-0581 Bugtraq: 12705
Signature Description: The Computer Associates License Client/Server applications provide a method for CA products
to register their licenses on the network. A buffer overflow vulnerability exists in Computer Associates License Client
versions 1.53 to 1.61.8. The license file exchange is done by GETOLF and PUTOLF commands. The vulnerability
specifically exists in the way a client parses the PUTOLF requests. By constructing specially crafted PUTOLF request
by setting the name parameter to larger than 252 bytes or last parameter to larger than 525 bytes and sending it to the
license client results in stack overflow. Successful exploitation allows remote attackers to execute arbitrary code under
the privileges of Local System. Administrators are advised to close the ports 10202, 10203 and 10204 for external
users. Buffer overflow and Directory traversal attacks are possible on the vulnerable softwares.
Signature ID: 9038
Computer Associates license invalid GCR NETWORK attempt
Threat Level: Information
Industry ID: CVE-2005-0581 Bugtraq: 12705
Signature Description: The Computer Associates License Client/Server applications provide a method for CA products
to register their licenses on the network. The License Client and Server are distributed with almost all CA software
distributions. Remote exploitation of a buffer overflow vulnerability in Computer Associates License Server and
License Client in versions 1.53 to 1.61.8 on all supported platforms can allow attackers to execute arbitrary code.The
vulnerability specifically exists due to insufficient bounds checking on user-supplied values in GCR requests. This
signature checks the GCR NETWORK attribute.