Admins who didn't move quickly to patch a widespread vulnerability in software from Computer Associates should reconsider: One of the security firms that unearthed the flaw in the first place says code that exploits the flaw has been found on the Web. Worse, companies that have evaluated CA software but later uninstalled it may still be at risk.
CA and security firm eEye first reported a flaw in CA's license manager software on March 2. The vulnerability was noteworthy because it involved a number of CA software packages across all the company's supported architecture. CA released a patch the day the vulnerability was made public.On March 7, the Hat-Squad Security Group published an exploit for the vulnerability.
Since then, eEye has released a freely available application that scans systems for the vulnerability. Adding an unfortunate wrinkle to the situation is the fact that eEye reports users who have evaluated CA software but later removed it might still be vulnerable to the flaw.
"Even if the program was removed manually, the License Manager code that includes the vulnerabilities could potentially still be on the machine, thus enabling an attacker to take control of the system remotely," the company reports.
"The CA flaws are particularly tricky, as even those that diligently removed any CA products they may have evaluated are still at risk," said Firas Raouf, chief operating officer at eEye.