US-CERT Vulnerability Notes Database


Vulnerability Note VU#619988

Computer Associates Message Queuing software vulnerable to buffer overflows

Overview

Computer Associates Message Queuing software contains buffer overflow conditions, which may allow a remote attacker to execute arbitrary code with elevated privileges.

I. Description

Computer Associates Message Queuing (CAM / CAFT) is a software component that provides messaging services. CAM provides a "store and forward" messaging framework for applications, and CAFT is an application that utilizes CAM for file transfers. Multiple Computer Associates applications use CAM / CAFT for their messaging requirements. According to the Computer Associates SupportConnect document, the following applications use CAM / CAFT:

    AdviseIT 2.4
    Advantage™ Data Transport 3.0
    BrightStor® SAN Manager 1.1, 1.1 SP1, 1.1 SP2, 11.1
    BrightStor® Portal 11.1
    CleverPath™ OLAP 5.1
    CleverPath™ ECM 3.5
    CleverPath™ Predictive Analysis Server 2.0, 3.0
    CleverPath™ Aion 10.0
    eTrust™ Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1
    Unicenter Performance Management for OpenVMS r2.4 SP3
    Unicenter® Application Performance Monitor 3.0, 3.5
    Unicenter® Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, 4.0 SP1
    Unicenter® Data Transport Option 2.0
    Unicenter® Enterprise Job Manager 1.0 SP1, 1.0 SP2
    Unicenter® Jasmine 3.0
    Unicenter® Management for WebSphere MQ 3.5
    Unicenter® Management for Microsoft Exchange 4.0, 4.1
    Unicenter® Management for Lotus Notes/Domino 4.0
    Unicenter® Management for Web Servers 5, 5.0.1
    Unicenter® NSM 3.0, 3.1
    Unicenter® NSM Wireless Network Management Option 3.0
    Unicenter® Remote Control 6.0, 6.0 SP1
    Unicenter® Service Level Management 3.0, 3.0.1, 3.0.2, 3.5
    Unicenter® Software Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, 4.0 SP1
    Unicenter® TNG 2.1, 2.2, 2.4, 2.4.2
    Unicenter® TNG JPN 2.2

Computer Associates CAM / CAFT contains multiple buffer overflow conditions.

II. Impact

A remote attacker may be able to execute arbitrary code on the CAM / CAFT system with elevated privileges.

III. Solution

Upgrade or patch

Please see the Computer Associates SupportConnect notice for fix availability.

Systems Affected

Vendor               Status      Date Notified  Date Updated
Computer Associates  Vulnerable  23-Aug-2005

References


http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_faqs.asp
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919
http://secunia.com/advisories/16513/
http://www.securityfocus.com/bid/14622
http://osvdb.org/displayvuln.php?osvdb_id=18916
http://securitytracker.com/alerts/2005/Aug/1014775.html
http://securitytracker.com/alerts/2005/Aug/1014774.html
http://securitytracker.com/alerts/2005/Aug/1014773.html
http://securitytracker.com/alerts/2005/Aug/1014772.html
http://securitytracker.com/alerts/2005/Aug/1014771.html
http://securitytracker.com/alerts/2005/Aug/1014770.html
http://securitytracker.com/alerts/2005/Aug/1014769.html
http://securitytracker.com/alerts/2005/Aug/1014768.html
http://securitytracker.com/alerts/2005/Aug/1014767.html
http://securitytracker.com/alerts/2005/Aug/1014766.html
http://securitytracker.com/alerts/2005/Aug/1014765.html
http://securitytracker.com/alerts/2005/Aug/1014764.html
http://securitytracker.com/alerts/2005/Aug/1014763.html
http://securitytracker.com/alerts/2005/Aug/1014761.html
http://securitytracker.com/alerts/2005/Aug/1014760.html
http://securitytracker.com/alerts/2005/Aug/1014756.html
http://www.securityfocus.com/bid/14623

Credit

Thanks to Computer Associates for reporting this vulnerability.

This document was written by Will Dormann.

Other Information

Date Public: 2005-08-19
Date First Published: 2005-08-23
Date Last Updated: 2005-10-21
CERT Advisory:
CVE-ID(s): CVE-2005-2668
NVD-ID(s): CVE-2005-2668
US-CERT Technical Alerts:
Metric: 13.13
Document Revision: 22

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Produced 2005 by US-CERT, a government organization