CVE-2005-0581 : Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execu

Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format.

Published 2005-05-02 04:00:00

Updated 2021-04-09 17:46:30

Source MITRE

View at NVD, CVE.org

Vulnerability category: Execute code

Exploit prediction scoring system (EPSS) score for CVE-2005-0581

Probability of exploitation activity in the next 30 days: 84.11%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 98 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2005-0581

CA BrightStor ARCserve License Service GCR NETWORK Buffer Overflow

Disclosure Date: 2005-03-02

First seen: 2020-04-26

exploit/windows/brightstor/license_gcr

This module exploits a stack buffer overflow in Computer Associates BrightStor ARCserve Backup 11.0. By sending a specially crafted request to the lic98rmtd.exe service, an attacker could overflow the buffer and execute arbitrary code. Authors: - MC <mc@metasploit

More information
Computer Associates License Client GETCONFIG Overflow

Disclosure Date: 2005-03-02

First seen: 2020-04-26

exploit/windows/license/calicclnt_getconfig

This module exploits a vulnerability in the CA License Client service. This exploit will only work if your IP address can be resolved from the target system point of view. This can be accomplished on a local network by running the 'nmbd' service that comes

More information
Computer Associates License Server GETCONFIG Overflow

Disclosure Date: 2005-03-02

First seen: 2020-04-26

exploit/windows/license/calicserv_getconfig

This module exploits an vulnerability in the CA License Server network service. By sending an excessively long GETCONFIG packet the stack may be overwritten. Authors: - hdm <x@hdm.io> - aushack <patrick@osisecurity.com.au>

More information

CVSS scores for CVE-2005-0581

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.6	MEDIUM	AV:L/AC:L/Au:N/C:P/I:P/A:P	3.9	6.4	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

References for CVE-2005-0581

http://www.idefense.com/application/poi/display?id=210&type=vulnerabilities

Patch;Vendor Advisory
http://www.idefense.com/application/poi/display?id=213&type=vulnerabilities

Patch;Vendor Advisory
http://www.idefense.com/application/poi/display?id=215&type=vulnerabilities

Patch;Vendor Advisory
http://www.idefense.com/application/poi/display?id=214&type=vulnerabilities

Patch;Vendor Advisory
http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp

Patch;Vendor Advisory

CVEs referencing this url
http://marc.info/?l=bugtraq&m=110979326828704&w=2

CVEs referencing this url

Products affected by CVE-2005-0581

Broadcom » License Software » Version: 0.1.0.15
cpe:2.3:a:broadcom:license_software:0.1.0.15:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2005-0581

Exploit prediction scoring system (EPSS) score for CVE-2005-0581

Metasploit modules for CVE-2005-0581

CA BrightStor ARCserve License Service GCR NETWORK Buffer Overflow

Computer Associates License Client GETCONFIG Overflow

Computer Associates License Server GETCONFIG Overflow

CVSS scores for CVE-2005-0581

References for CVE-2005-0581

Products affected by CVE-2005-0581