Change Download Preference


{{errorInSavingPref}}
Current Preference
{{dwnldPreference}}
Change Preference to:

CA20110208-01: Security Advisory for CA Secure Content Manager, Gateway Security

Issued: February 08, 2011
Last Updated: July 25, 2011

CA Technologies support is alerting customers to a security risk with CA Secure Content Manager. A vulnerability exists that can allow a remote attacker to execute arbitrary code.

The vulnerability, CVE-2011-0758, is due to insufficient bounds checking by the eCS component included with Secure Content Manager and Gateway Security. A remote attacker can make a request that will cause a heap overflow, which could possibly result in privileged code execution.

Patches are currently not available. CA support is working towards a resolution. Monitor this notice and the support.ca.com CA Secure Content Manager / Gateway Security product homepage for updates.

Risk Rating

High

Platform

Windows

Affected Products

CA Secure Content Manager 8.0
CA Gateway Security 8.1
CA Gateway Security 9.0

References

CVE-2011-0758 - Secure Content Manager eCS heap overflow

Acknowledgement

CVE-2011-0758 - Sebastian Apelt through the TippingPoint ZDI

Change History

Version 1.0: Initial Release
Version 1.1: Added Ca Gateway Security 9.0 to the Affected Products list

If additional information is required, please contact CA Technologies Support at http://support.ca.com/.

If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team