Rule:

--
Sid:
3525

--
Summary:
This event is generated when an attempt is made to exploit a
buffer overflow associated with Computer Associates License
software.

--
Impact:
A successful attack can cause a buffer overflow of the host and
the subsequent execution of arbitrary code.

--
Detailed Information:
Computer Associates License software allows a site to maintain and
handle licenses for CA products. A server runs the software to
facilitate this and it communicates with clients/agents on the
network. A vulnerability exists in some GCR messages that exchange
data with a listening server or client.

The GCR NETWORK and CHECKSUMS messages allocate fixed-sized buffers
for some of the values supplied to it. No validation is performed
by the receiving host to ensure that the data received fits in the
allocated buffer(s). If the received data cannot fit in the buffer,
an overflow occurs and execution of arbitrary code on the vulnerable
host is possible.

--
Affected Systems:
CA License 1.0.15, 1.53-57, 1.60, 1.60.2, 1.60.3, 1.61, 1.61.1,
1.61.2, 1.61.8

--
Attack Scenarios:
An attacker can craft a GCR message with overly long data, causing
a buffer overflow on the vulnerable listening CA License server or
client.

--
Ease of Attack:
Simple.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Upgrade to the most current non-affected version of the product.

--
Contributors:
Sourcefire Vulnerability Research Team
Judy Novak <judy.novak@sourcefire.com>

--
Additional References

iDefense:
http://www.idefense.com/application/poi/display?id=214&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=215&type=vulnerabilities

--