December 7, 2016

Critical Vulnerability in CA Gateway Security 8.1 and CA Total Defense r12

(LiveHacking.Com) — CA Technology is warning its customers for a critical vulnerability in its Gateway Security 8.1 and CA Total Defense r12. The vulnerability can allow a remote attacker to execute arbitrary code.Critical Vulnerability in CA Gateway Security 8.1 and CA Total Defense r12

According to the CA portal, the vulnerability, CVE-2011-2667, occurs due to insufficient bounds checking that can result in a memory overwrite on the heap. By sending a malformed request, an attacker can overwrite a sensitive portion of heap memory, which can potentially result in server compromise.

The “Heap Memory” or “Heap Memory Pool” is an internal memory pool created at start-up that tasks use to dynamically allocate memory as needed. This memory pool is used by tasks that requires a lot of memory from the stack in the stack-based memory allocation system.

CA Technology has released an update to patch the vulnerability. Alternatively, update to Gateway Security 9.0 is available from the CA support site.