CA20110720-01: Security Notice for CA Gateway Security and Total Defense

Issued: July 20, 2011

CA Technologies support is alerting customers to a security risk with CA Gateway Security. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued an update that resolves the vulnerability.

The vulnerability, CVE-2011-2667, occurs due to insufficient bounds checking that can result in a memory overwrite on the heap. By sending a malformed request, an attacker can overwrite a sensitive portion of heap memory, which can potentially result in server compromise.

Risk Rating

High

Platform

Windows

Affected Products

CA Gateway Security 8.1
CA Total Defense r12

Non-Affected Products

CA Gateway Security 9.0

How to determine if the installation is affected

From the CA Gateway Security Management Console, select About to view version information. If the version displayed is less than 8.1.0.69, the installation is vulnerable.

Solution

Gateway Security r8.1:
Apply fix RO32642

Alternatively, update to Gateway Security 9.0, available from the CA support site.

References

CVE-2011-2667 - Gateway Security memory corruption

Acknowledgement

CVE-2011-2667 - Andrea Micalizzi via the TippingPoint ZDI

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies Support at https://support.ca.com.

If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.