CA catalogue hit by buffer overflow vulnerabilities

Vulnerabilities in CA Licensing software have opened up vast swathes of the CA product catalogue to potential attack. The company has issued patches for the buffer overflow vulnerabilities that allow the insertion of malicious code.

The vulnerabilities affect software running on Windows, HPUX, AIX, Solaris, Tru64, Apple and Linux operating systems. As yet, no exploits have been recorded, CA reps claim.


"We are aware of no exploits being available for the vulnerabilities," said Simon Perry, VP of security strategy at CA. "Upon identification of the exposures from third party vendors (eEye and iDefense), CA took immediate action to reduce our customers' risk by partnering with these vendors to confirm the corrective patches and coordinate public disclosure."

To reduce the impact of the vulnerabilities, CA took the standard step of reporting them at the same time as services such as US-CERT and the Mitre Common Vulnerabilities and Exposures (CVE) group, a practice that shortens the window of opportunity for anyone trying to create an exploit.

The news arrives days after SC reported a flaw in the software of Trend Micro products that affected a wide range of its anti-virus software. Several ISPs could be affected by the vulnerability, according to security company ISS.

www.ca.com

Copyright © SC Magazine, US edition