CA catalogue hit by buffer overflow vulnerabilities


Vulnerabilities in CA Licensing software have opened up vast swathes of the CA product catalogue to potential attack. The company has issued patches for the buffer overflow vulnerabilities that allow the insertion of malicious code.

The vulnerabilities affect software running on Windows, HPUX, AIX, Solaris, Tru64, Apple and Linux operating systems. As yet, no exploits have been recorded, CA reps claim.


"We are aware of no exploits being available for the vulnerabilities," said Simon Perry, VP of security strategy at CA. "Upon identification of the exposures from third party vendors (eEye and iDefense), CA took immediate action to reduce our customers' risk by partnering with these vendors to confirm the corrective patches and coordinate public disclosure."

To reduce the impact of the vulnerabilities, CA took the standard step of reporting the vulnerability at the same time as services such as US-CERT and the Mitre Common Vulnerability Exposures (CVE) Group, a practice that shortens the window of opportunity for anyone trying to create an exploit.

The news arrives days after SC reported a flaw in the software of Trend Micro products that affected a wide range of its anti-virus software. Several ISPs could be affected by the vulnerability, according to security company ISS.

www.ca.com

Copyright © SC Magazine, US edition