X

Warning out on serious CA software flaw

Vulnerability in Computer Associates' iTechnology iGateway service could put systems that run the software at risk of serious attacks.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers

A security vulnerability in Computer Associates' iTechnology iGateway service could put systems running the software at risk of serious attacks, experts have warned. A remote attacker could gain complete control over systems on Windows platforms, and other platforms may allow for a denial-of-service attack, according to an advisory posted Tuesday by security intelligence firm French Security Incident Response Team. The FrSIRT rates the issue "critical."

The iTechnology iGateway is part of various Computer Associates products, including BrightStor backup, eTrust security and Unicenter management software. A heap-overflow vulnerability exists because the software fails to perform boundary checks before copying user-supplied data into specific process buffers, according to an advisory on Symantec's DeepSight intelligence service. CA has published a security advisory along with fixes for its products.