微点交流论坛

标题: CA Products Data Transport服务缓冲溢出 [打印本页]

作者: pioneer 时间: 2009-11-20 17:30 标题: CA Products Data Transport服务缓冲溢出

来源

secunia.com

软件名

CA Advantage Data Transport 3.x
CA IT Client Manager 12.x
CA Unicenter Software Delivery 11.x
CA Unicenter Software Delivery 4.x

描述

执行Data Transport Service时"dtscore"库中的一个越界访问错误可导致缓冲溢出
溢出成功后可执行任意代码
该漏洞在以下产品和版本中已经报告：
* CA Software Delivery r11.2 C1, C2, C3, and SP4
* Unicenter Software Delivery 4.0 C3
* CA Advantage Data Transport 3.0 C1
* CA IT Client Manager r12

解决方案

应用厂商补丁
-- CA Software Delivery r11.2 C1 and C2 --
Update to to r11.2 C3 and apply RO08984 or update to r11.2 SP4 and
Apply RO08956.

-- CA Software Delivery r11.2 C3 --
Apply RO08984:
http://support.ca.com/irj/portal ... mp;searchID=RO08984

-- CA Software Delivery r11.2 SP4 --
Apply RO08956:
http://support.ca.com/irj/portal ... mp;searchID=RO08956

-- Unicenter Software Delivery 4.0 C3 and CA Advantage Data Transport
3.0 C1 --
Apply RO08976:
http://support.ca.com/irj/portal ... mp;searchID=RO08976

-- CA IT Client Manager r12 --
Apply RO10086:
http://support.ca.com/irj/portal ... mp;searchID=RO10086

欢迎光临微点交流论坛 (http://bbs.micropoint.com.cn/)

bbs.micropoint.com.cn