CA Vulnerability Affects More than Current Users

Well after CA published information about a widespread vulnerability in its license manager software, a security firm has reported that even companies that have done nothing more than evaluate then uninstall CA software maybe vulnerable.

By  Michael Hall | Mar 14, 2005
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

Admins who didn't move quickly to patch a widespread vulnerability in software from Computer Associates should reconsider: One of the security firms that unearthed the flaw in the first place says code that exploits the flaw has been found on the Web. Worse, companies that have evaluated CA software but later uninstalled it may still be at risk.

CA and security firm eEye first reported a flaw in CA's license manager software on March 2. The vulnerability was noteworthy because it involved a number of CA software packages across all the company's supported architecture. CA released a patch the day the vulnerability was made public.On March 7, the Hat-Squad Security Group published an exploit for the vulnerability.

Since then, eEye has released a freely available application that scans systems for the vulnerability. Adding an unfortunate wrinkle to the situation is the fact that eEye reports users who have evaluated CA software but later removed it might still be vulnerable to the flaw.

"Even if the program was removed manually, the License Manager code that includes the vulnerabilities could potentially still be on the machine, thus enabling an attacker to take control of the system remotely," the company reports.


"The CA flaws are particularly tricky, as even those that diligently removed any CA products they may have evaluated are still at risk," said Firas Raouf, chief operating officer at eEye.

mhall@internet.com

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter
Helpful Links

  • Yankee Group Mobile WAN Optimization Report

    Mobile work continues to evolve. Your organization must keep up with the demands of its mobile workforce. This report introduces the concept of mobile WAN optimization and provides three case studies including RCM, PRTM and Einstein that highlight how this emerging technology can help IT departments achieve what previously appeared to be conflicting goals. Read >

  • Network Security Resources

    More threats than ever before pose a danger to today's enterprise network. Get the latest tips and intel on the newest risks in our guide to network security resources. Read >

  • Extreme Savings: Cutting Costs with WAN Optimization

    Did you know it's possible to cut IT costs without impacting day-to-day IT operations? In fact, when you download this whitepaper from Riverbed on cost-savings through WAN optimization, you'll discover how businesses of all different sizes have realized a return on investment in just a few months through significant hard cost savings in areas such as bandwidth reduction and IT consolidation. It's called Extreme Savings and its only from Riverbed. Read >