CA catalogue hit by buffer overflow vulnerabilities


Vulnerabilities in CA Licensing software have opened up vast swathes of the CA product catalogue to potential attack. The company has issued patches for the buffer overflow vulnerabilities that allow the insertion of malicious code.

The vulnerabilities affect software running on Windows, HPUX, AIX, Solaris, Tru64, Apple and Linux operating systems. As yet, no exploits have been recorded, CA reps claim.

"We are aware of no exploits being available for the vulnerabilities," said Simon Perry, VP of security strategy at CA. "Upon identification of the exposures from third party vendors (eEye and iDefense), CA took immediate action to reduce our customers' risk by partnering with these vendors to confirm the corrective patches and coordinate public disclosure."

To reduce the impact of the vulnerabilities, CA took the standard step of reporting them at the same time as services such as US-CERT and Mitre Common Vulnerability Exposures (CVE) Group, a practice that shortens the window of opportunity for anyone trying to create an exploit.

The news arrives days after SC reported a flaw in the software of Trend Micro products that affected a wide range of its anti-virus software. Several ISPs could be affected by the vulnerability, according to security company ISS.
