Check Point Advisories

CA iTechnology iGateway Service Content-Length Buffer (CVE-2005-3653)

Check Point Reference: CPAI-2006-177
Date Published: 19 Oct 2009
Severity: Critical
Last Updated: Monday 17 December, 2018
Industry Reference:CVE-2005-3653
Protection Provided by:

Security Gateway
R81, R80, R77, R75

Who is Vulnerable?
Vulnerability Description Numerous Computer Associates (CA) products incorporate shared components that perform common tasks not specific to any one product. One such component is the CA iGateway service. The iGateway service is an XML-based interface that integrates with storage management applications and facilitates communication between backup servers and a web portal. A heap based buffer overflow exists in the iTechnology iGateway service of multiple Computer Associates' products. The vulnerability is caused due to insufficient boundary checks of the value of the Content-Length header field in received HTTP requests. An unauthenticated remote attacker can exploit the vulnerability to cause a denial of service condition or execute arbitrary code on the target host within the privileges of the running service - System by default. In a simple attack case aimed at creating a denial of service condition, the iGateway server will stop responding to HTTP requests. The process may not terminate after an attack and the target host will still accept TCP connections on port 5250/TCP. Note that the iGateway service functionality will not resume until the proper service is restarted manually. In a more sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature the injected code. Any code injected into the vulnerable component would execute in the security context of the iGateway process, the System user by default on Windows platforms.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the CA iTechnology iGateway Service Content-Length Buffer protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Content Protection Violation.
Attack Information:  CA iTechnology iGateway service Content-Length buffer

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.