Computer Associates (CA) Message Queuing buffer overflow

systems-management-bo (32234) The risk level is classified as HighHigh Risk

Description:

The CA Message Queuing server (CAM/CAFT), including in various Computer Associates' products, is vulnerable to a stack-based buffer overflow. By sending a specially-crafted request to TCP port 3104, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges.

Platforms Affected:

  • CA, Advantage Data Transport 3.0
  • CA, BrightStor Portal 11.1
  • CA, BrightStor SAN Manager 11.1
  • CA, BrightStor SAN Manager 11.5
  • CA, CleverPath Aion 10.0
  • CA, CleverPath ECM 3.5
  • CA, CleverPath OLAP 5.1
  • CA, CleverPath Predictive Analysis Server 2.0
  • CA, CleverPath Predictive Analysis Server 3.0
  • CA, eTrust Admin 2.01
  • CA, eTrust Admin 2.04
  • CA, eTrust Admin 2.07
  • CA, eTrust Admin 2.09
  • CA, eTrust Admin 8.0
  • CA, eTrust Admin 8.1
  • CA, Unicenter Application Performance Monitor 3.0
  • CA, Unicenter Application Performance Monitor 3.5
  • CA, Unicenter Asset Management 3.1
  • CA, Unicenter Asset Management 3.2 SP2
  • CA, Unicenter Asset Management 3.2
  • CA, Unicenter Asset Management 3.2 SP1
  • CA, Unicenter Asset Management 4.0 SP1
  • CA, Unicenter Asset Management 4.0
  • CA, Unicenter Data Transport Option 2.0
  • CA, Unicenter Enterprise Job Manager 1.0 SP1
  • CA, Unicenter Enterprise Job Manager 1.0 SP2
  • CA, Unicenter Jasmine 3.0
  • CA, Unicenter Management Lotus Note Domino 4.0
  • CA, Unicenter Management Microsoft Exchange 4.0
  • CA, Unicenter Management Microsoft Exchange 4.1
  • CA, Unicenter Management Web Servers 5
  • CA, Unicenter Management Web Servers 5.0.1
  • CA, Unicenter Management WebSphere MQ 3.5
  • CA, Unicenter NSM 3.0
  • CA, Unicenter NSM 3.1
  • CA, Unicenter NSM Wireless Network Management Option 3.0
  • CA, Unicenter Remote Control 6.0 SP1
  • CA, Unicenter Remote Control 6.0
  • CA, Unicenter Service Level Management 3.0
  • CA, Unicenter Service Level Management 3.0.1
  • CA, Unicenter Service Level Management 3.0.2
  • CA, Unicenter Service Level Management 3.5
  • CA, Unicenter Software Delivery 3.0
  • CA, Unicenter Software Delivery 3.1 SP1
  • CA, Unicenter Software Delivery 3.1 SP2
  • CA, Unicenter Software Delivery 3.1
  • CA, Unicenter Software Delivery 4.0
  • CA, Unicenter Software Delivery 4.0 SP1
  • CA, Unicenter TNG 2.1
  • CA, Unicenter TNG 2.2
  • CA, Unicenter TNG 2.4
  • CA, Unicenter TNG 2.4.2
  • CA, Unicenter TNG JPN 2.2

Remedy:

Refer to the CA SupportConnect document dated July 24th, 2007 "Security Notice for CA Message Queuing (CAM / CAFT) vulnerability", for patch, upgrade, or suggested workaround information. See References.

Consequences:

Gain Access

References:

  • CA SupportConnect July 24th, 2007, Security Notice for CA Message Queuing (CAM / CAFT) vulnerability at http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp.
  • IBM Internet Security Systems Protection Advisory July 24, 2007, CA Message Queuing Server (Cam.exe) Overflow at http://www.iss.net/threats/272.html.
  • BID-25051: Computer Associates Multiple Products Message Queuing Remote Stack Buffer Overflow Vulnerability
  • CVE-2007-0060: Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.
  • FrSIRT/ADV-2007-2638: CA Products Message Queuing Remote Command Execution Vulnerability
  • SA26190: CA Message Queuing Server Buffer Overflow Vulnerability
  • SECTRACK ID: 1018449: eTrust Admin Buffer Overflow in Message Queuing Component Lets Remote Users Execute Arbitrary Code

Reported:

Jul 24, 2007

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page