Computer Associates (CA) Message Queuing buffer overflow
| systems-management-bo (32234) |  High Risk |
Description:
The CA Message Queuing server (CAM/CAFT), including in various Computer Associates' products, is vulnerable to a stack-based buffer overflow. By sending a specially-crafted request to TCP port 3104, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges.
*CVSS:
| Base Score: | 10 |
| Access Vector: | Remote |
| Access Complexity: | Low |
| Authentication: | Not Required |
| Confidentiality Impact: | Complete |
| Integrity Impact: | Complete |
| Availability Impact: | Complete |
| Temporal Score: | 7.4 |
| Exploitability: | Unproven |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Gain Access
Remedy:
Refer to the CA SupportConnect document dated July 24th, 2007 "Security Notice for CA Message Queuing (CAM / CAFT) vulnerability", for patch, upgrade, or suggested workaround information. See References.
References:
- CA SupportConnect July 24th, 2007: Security Notice for CA Message Queuing (CAM / CAFT) vulnerability.
- IBM Internet Security Systems Protection Advisory July 24, 2007: CA Message Queuing Server (Cam.exe) Overflow.
- BID-25051: Computer Associates Multiple Products Message Queuing Remote Stack Buffer Overflow Vulnerability
- CVE-2007-0060: Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.
- SA26190: CA Message Queuing Server Buffer Overflow Vulnerability
- SECTRACK ID: 1018449: eTrust Admin Buffer Overflow in Message Queuing Component Lets Remote Users Execute Arbitrary Code
- VUPEN/ADV-2007-2638: CA Products Message Queuing Remote Command Execution Vulnerability
Platforms Affected:
- CA Advantage Data Transport 3.0
- CA BrightStor Portal 11.1
- CA BrightStor SAN Manager 11.1
- CA BrightStor SAN Manager 11.5
- CA CleverPath Aion 10.0
- CA CleverPath ECM 3.5
- CA CleverPath OLAP 5.1
- CA CleverPath Predictive Analysis Server 2.0
- CA CleverPath Predictive Analysis Server 3.0
- CA eTrust Admin 2.01
- CA eTrust Admin 2.04
- CA eTrust Admin 2.07
- CA eTrust Admin 2.09
- CA eTrust Admin 8.0
- CA eTrust Admin 8.1
- CA Unicenter Application Performance Monitor 3.0
- CA Unicenter Application Performance Monitor 3.5
- CA Unicenter Asset Management 3.1
- CA Unicenter Asset Management 3.2
- CA Unicenter Asset Management 3.2 SP2
- CA Unicenter Asset Management 3.2 SP1
- CA Unicenter Asset Management 4.0 SP1
- CA Unicenter Asset Management 4.0
- CA Unicenter Data Transport Option 2.0
- CA Unicenter Enterprise Job Manager 1.0 SP1
- CA Unicenter Enterprise Job Manager 1.0 SP2
- CA Unicenter Jasmine 3.0
- CA Unicenter Management Lotus Note Domino 4.0
- CA Unicenter Management Microsoft Exchange 4.0
- CA Unicenter Management Microsoft Exchange 4.1
- CA Unicenter Management Web Servers 5
- CA Unicenter Management Web Servers 5.0.1
- CA Unicenter Management WebSphere MQ 3.5
- CA Unicenter NSM 3.0
- CA Unicenter NSM 3.1
- CA Unicenter NSM Wireless Network Management Option 3.0
- CA Unicenter Remote Control 6.0
- CA Unicenter Remote Control 6.0 SP1
- CA Unicenter Service Level Management 3.0
- CA Unicenter Service Level Management 3.0.1
- CA Unicenter Service Level Management 3.0.2
- CA Unicenter Service Level Management 3.5
- CA Unicenter Software Delivery 3.0
- CA Unicenter Software Delivery 3.1 SP2
- CA Unicenter Software Delivery 3.1 SP1
- CA Unicenter Software Delivery 3.1
- CA Unicenter Software Delivery 4.0
- CA Unicenter Software Delivery 4.0 SP1
- CA Unicenter TNG 2.1
- CA Unicenter TNG 2.2
- CA Unicenter TNG 2.4
- CA Unicenter TNG 2.4.2
- CA Unicenter TNG JPN 2.2
Reported:
Jul 24, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall IBM be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.