[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[VulnWatch] Immunity Advisory: Computer Associates Unicenter TNG

To: vulnwatch@xxxxxxxxxxxxx
Subject: [VulnWatch] Immunity Advisory: Computer Associates Unicenter TNG
From: Chris Wysopal <weld@xxxxxxxxxxxxx>
Date: Mon, 15 Mar 2004 11:18:51 -0500 (EST)

Excerpt:

Remote, unauthenticated stack overflow Computer Associates Unicenter TNG
Utilities awservices.exe

Computer Associates has developed a suite of tools that help enterprises
manage the software on their machines. In doing so, they developed several
proprietary protocols, which are implemented in various daemons, listening
on TCP and UDP ports, and running as SYSTEM. These daemons are vulnerable
to classic stack overflows. In particular, Immunity reviewed cam.exe and
awservices.exe, and found many examples of exploitable problems in both.
These are considered critical problems, as they are often installed on
every machine in an enterprise.

Full Advisory:

http://www.immunitysec.com/downloads/awservices.sxw.pdf

Prev by Date: [VulnWatch] Immunity Advisory: Compaq Web Management vulnerability
Next by Date: [VulnWatch] ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow
Previous by thread: [VulnWatch] Immunity Advisory: Compaq Web Management vulnerability
Next by thread: [VulnWatch] ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow
Index(es):
- Date
- Thread