Malicious hackers have released code that exploits a widespread vulnerability in Computer Associates software.
The exploit code was created on Friday, just two days after CA warned customers and issued a patch for security holes in its licence and management softwarem, which is shipped with almost all CA products.
The exploit could allow a remote attacker to take control of systems, according to security experts.
CA has noted that there are no known attacks using code that exploits the vulnerabilities. But it strongly recommends customers apply the patches immediately.
The holes were discovered by security companies eEye, Digital Security and iDefense and affects CA License software versions 1.53 through 1.61.8 for Windows, Solaris, OS X, Unix and Linux.
The exploit code, credited to a group called the Hat-Squad, targets the CA License Client on Windows and allows a remote attacker to cause a stack overflow then run code that gives the attacker control of the system. On Sunday, a copy of the exploit was posted on the website class101.org, which publishes software exploits and other hacking tools.
By Tuesday, The SANS Institute's Internet Storm Center noted increased scans on TCP ports 10202 and 10203, used by the License Client. "This should raise alarm bells," said Firas Raouf, COO of eEye.
The License Client poses a serious risk to corporate security, because it is widely distributed with CA's software, and because the security hole in the Client is so easy to exploit, Raouf said. He was also critical of CA, saying that the company did not adequately audit the License Client and server software.
"Clearly CA has not done due diligence, from a vulnerability scanning standpoint, on their License Client. This vulnerability was really easy to find and to exploit," he said.