Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2005-0581

7 documents4 sources

Severity

4.6MEDIUM

EPSS

71.2%

top 1.29%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Broadcom License Software

Timeline

PublishedMay 2

Latest updateMay 1

Description

Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages1 packages

▶NVDbroadcom/license_software0.1.0.15

Patches

Patch: supportconnectw.ca.com ↗Patch: www.idefense.com ↗Patch: www.idefense.com ↗

🔴Vulnerability Details

GHSA

GHSA-h7cp-q5mh-2ggf: Multiple buffer overflows in Computer Associates (CA) License Client and Server 0↗2022-05-01

▶

CVEList

CVE-2005-0581: Multiple buffer overflows in Computer Associates (CA) License Client and Server 0↗2005-03-02

▶

💥Exploits & PoCs

Exploit-DB

CA BrightStor ARCserve License Service - 'GCR NETWORK' Remote Buffer Overflow (Metasploit)↗2010-11-03

▶

Exploit-DB

Computer Associates License Client - GETCONFIG Overflow (Metasploit)↗2010-09-20

▶

Exploit-DB

Computer Associates License Server - GETCONFIG Overflow (Metasploit)↗2010-09-20

▶

Exploit-DB

CA License Server - 'GETCONFIG' Remote Buffer Overflow↗2005-03-06

▶