Important Security Notice for
CA iGateway (Buffer Overrun)

Issued: January 23, 2006
Last Updated: February 03, 2006

CA's Customer Support is alerting customers to a security risk associated with the CA iGateway software component. An independent researcher discovered a remotely exploitable problem and reported it to iDefense (www.iDefense.com), who in turn reported the vulnerability to CA. We have been working with them to understand the nature of the problem and to make certain that the provided remedy addresses the problem completely.

CA has confirmed the presence of this vulnerability and has completed development of updates that provide complete protection against it. Upon completion of quality assurance testing, the updates will be released and made available to CA customers on or before January 23, 2006.

The vulnerability involves an overflow condition that can allow arbitrary code to be executed remotely with local SYSTEM privileges on Windows, and can cause iGateway component failure on UNIX and Linux platforms. The vulnerability affects versions 3 and 4 of the iGateway component (see below for additional information on the conditions that must exist for the vulnerability to be exploitable).

Customers with vulnerable versions of the iGateway component should upgrade to the current version of iGateway (4.0.051230 or later), which will be available for download from https://support.ca.com on or before January 23.

Affected products:

BrightStor Products

BrightStor ARCserve Backup r11.5
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup for Windows r11
BrightStor Enterprise Backup 10.5
BrightStor ARCserve Backup v9.01
BrightStor ARCserve Backup Laptop & Desktop r11.1
BrightStor ARCserve Backup Laptop & Desktop r11
BrightStor Process Automation Manager r11.1
BrightStor SAN Manager r11.1
BrightStor SAN Manager r11.5
BrightStor Storage Resource Manager r11.5
BrightStor Storage Resource Manager r11.1
BrightStor Storage Resource Manager 6.4
BrightStor Storage Resource Manager 6.3
BrightStor Portal 11.1

Note to BrightStor Storage Resource Manager and BrightStor Portal users: In addition to the application servers where these products are installed, all hosts to which iSponsors have been deployed (for managing applications like Veritas Volume Manager and Tivoli TSM) are also affected by this vulnerability.

eTrust Products

eTrust Audit 1.5 SP2 (iRecorders and ARIES)
eTrust Audit 1.5 SP3 (iRecorders and ARIES)
eTrust Audit 8.0 (iRecorders and ARIES)
eTrust Admin 8.1
eTrust Identity Minder 8.0
eTrust Secure Content Manager (SCM) R8
eTrust Integrated Threat Management (ITM) R8
eTrust Directory, R8.1 (DXmanager Only)

Unicenter Products

Unicenter AutoSys JM R11
Unicenter Service Delivery R11
Unicenter Service Level Management (USLM) R11
Unicenter Service Desk R11
Unicenter Service Desk Knowledge Tools R11
Unicenter Asset Portfolio Management R11
Unicenter Service Metric Analysis R11
Unicenter Service Catalog/Assure/Accounting R11
Unicenter Asset Management r11
Unicenter Software Delivery r11
Unicenter Remote Control r11
Unicenter Desktop Management Bundle r11
CA Desktop Management Suite r11

The vulnerability exists if the iGateway component is older than 4.0.051230.

Affected platforms:

AIX, HP-UX, Linux Intel, Solaris, and Windows

Prerequisite conditions for the vulnerability to be exploitable

None.

Determining the version of iGateway:

To determine the version numbers of the iGateway components:

Go to the iGateway directory:

On Windows, this is %IGW_LOC%

Default path for v3.*: C:\Program Files\CA\igateway
Default path for v4.*: C:\Program Files\CA\SharedComponents\iTechnology

On UNIX,

Default path for v3.*:  /opt/CA/igateway
Default path for v4.*:  the install directory path is contained in /opt/CA/SharedComponents/iTechnology.location;
the default path is /opt/CA/SharedComponents/iTechnology

Look at the <Version> element in igateway.conf.

The versions are affected by this vulnerability if you see a value LESS THAN the following:
<Version>4.0.051230</Version> (note the format v.s.YYMMDD)
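The version check above can be scripted for fleet-wide triage. The following is an added example, not CA's own tooling: it reads the <Version> element from igateway.conf text, compares it numerically (v, s, YYMMDD) against 4.0.051230, and probes the default install paths named in this advisory. The sample file contents are constructed and do not reflect the real igateway.conf layout.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

FIXED_VERSION = "4.0.051230"  # first fixed build named in the advisory (v.s.YYMMDD)

# Default igateway.conf locations for v3.* and v4.* as listed in the advisory.
DEFAULT_CONF_PATHS = [
    r"C:\Program Files\CA\igateway\igateway.conf",
    r"C:\Program Files\CA\SharedComponents\iTechnology\igateway.conf",
    "/opt/CA/igateway/igateway.conf",
    "/opt/CA/SharedComponents/iTechnology/igateway.conf",
]

# Accepts a malformed closing tag (<Version>) as well as the proper </Version>.
_VERSION_RE = re.compile(r"<Version>\s*([^<\s]+)\s*</?Version>", re.IGNORECASE)

def parse_version(text: str) -> Tuple[int, int, int]:
    """Split a v.s.YYMMDD iGateway version into integers so 4.0.051230 > 4.0.050901."""
    parts = text.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unexpected iGateway version format: {text!r}")
    return int(parts[0]), int(parts[1]), int(parts[2])

def extract_version(conf_text: str) -> Optional[str]:
    """Return the <Version> value from igateway.conf text, or None if absent."""
    m = _VERSION_RE.search(conf_text)
    return m.group(1) if m else None

def is_vulnerable(conf_text: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the installed version is LESS THAN the fixed version."""
    found = extract_version(conf_text)
    if found is None:
        raise ValueError("no <Version> element found in igateway.conf")
    return parse_version(found) < parse_version(fixed)

def check_host(paths=DEFAULT_CONF_PATHS) -> Optional[bool]:
    """Check the first igateway.conf present on this host; None if iGateway is absent."""
    for p in paths:
        if Path(p).is_file():
            return is_vulnerable(Path(p).read_text(errors="replace"))
    return None

# Constructed sample file contents (not the real igateway.conf layout).
SAMPLE_OLD = "<Config>\n  <Version>3.0.050101</Version>\n</Config>\n"
SAMPLE_FIXED = "<Config>\n  <Version>4.0.051230</Version>\n</Config>\n"
```

check_host() returns True on a host that still runs a pre-4.0.051230 build, False once the patch is applied, and None when no igateway.conf exists at the default locations (set IGW_LOC paths explicitly if the install is non-default).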

iGateway Corrective Patch Download:

https://support.ca.com/irj/portal/anonymous/phpdocs?filePath=0/common/igatewaypatch_index.html

Should you require additional information, please contact CA Customer Support at https://support.ca.com.