CA Various Products Message Queuing Vulnerabilities - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

CA Various Products Message Queuing Vulnerabilities

Secunia Advisory:	SA16513
Release Date:	2005-08-22
Last Update:	2005-10-20

Critical:	Moderately critical
Impact:	Spoofing DoS System access
Where:	From local network
Solution Status:	Vendor Patch

Software:	CA Advantage Data Transport 3.x CA BrightStor Portal 11.x CA BrightStor SAN Manager 1.x CA BrightStor SAN Manager 11.x CA CleverPath Aion 10.x CA CleverPath Enterprise Content Manager (ECM) 3.x CA CleverPath OLAP 5.x CA CleverPath Predictive Analysis Server 2.x CA CleverPath Predictive Analysis Server 3.x CA eTrust Admin 2.x CA eTrust Admin 8.x CA Unicenter Application Performance Monitor 3.x CA Unicenter Asset Management 3.x CA Unicenter Asset Management 4.x CA Unicenter Data Transport Option 2.x CA Unicenter Enterprise Job Manager 1.x CA Unicenter Jasmine 3.x CA Unicenter Management for Lotus Notes/Domino 4.x CA Unicenter Management for Microsoft Exchange 4.x CA Unicenter Management for Web Servers 5.x CA Unicenter Management for WebSphere MQ 3.x CA Unicenter Network and Systems Management (NSM) 3.x CA Unicenter Network and Systems Management (NSM) Wireless Network Management Option 3.x CA Unicenter Performance Management for OpenVMS 2.x CA Unicenter Remote Control 6.x CA Unicenter Service Level Management 3.x CA Unicenter Software Delivery 3.x CA Unicenter Software Delivery 4.x CA Unicenter TNG 2.x

CVE reference:	CVE-2005-2667 (Secunia mirror) CVE-2005-2668 (Secunia mirror) CVE-2005-2669 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Description: Some vulnerabilities have been reported in various products within the CA Message Queuing (CAM / CAFT) software, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. 1) An unspecified error in the CAM service can be exploited to cause a DoS by sending specially crafted packets to the TCP port. 2) Unspecified boundary errors can be exploited to cause buffer overflows by sending specially crafted packets to the service. Successful exploitation allows execution of arbitrary code. 3) An error can be exploited to spoof CAFT and execute arbitrary commands with escalated privileges. The vulnerabilities affect all versions of the CA Message Queuing software prior to versions 1.07 Build 220_13 and 1.11 Build 29_13. NOTE: An exploit for the vulnerability is publicly available. Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, scan using the Network Software Inspector. Solution: Apply patches (see vendor advisory for details). Provided and/or discovered by: Reported by vendor. Changelog: 2005-08-24: Added link to US-CERT vulnerability note. 2005-08-25: Added CVE references. 2005-10-20: Updated "Description" section. Original Advisory: Computer Associates: http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp Other References: US-CERT VU#619988: http://www.kb.cert.org/vuls/id/619988



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

20 Related Secunia Security Advisories, displaying 10

1. CA Products Ingres Multiple Vulnerabilities

2. CA Products Ingres User Authentication Security Issue

3. CA Message Queuing Server Buffer Overflow Vulnerability

4. CA Products CHM and RAR File Processing Denial of Service Vulnerabilities

5. CA Products Ingres Database Vulnerabilities

6. CA Anti-Virus Engine CAB Archive Processing Buffer Overflows

7. CA CleverPath Portal SQL Injection Vulnerability

8. CA eTrust Admin GINA Component Privilege Escalation

9. CA Portal Technology Session Handling Vulnerability

10. CA Products Message Queuing Denial of Service

Show all related advisories

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	rPath update for kernel and xen

2.	Opera Multiple Vulnerabilities

3.	Folder Lock Weak Password Encryption Security Issue

4.	vBulletin Private Message Subject Script Insertion

5.	Subdreamer Light Global Variables SQL Injection Vulnerability

6.	neon "parse_domain() " Denial of Service Vulnerability

7.	SunShop Shopping Cart class.ajax.php SQL Injection Vulnerabilities

8.	PHP Live Helper Multiple Vulnerabilities

9.	Microsoft Access Snapshot Viewer ActiveX Control Vulnerability

10.	Anzio Web Print Object (WePO) ActiveX Component "mainurl" Buffer Overflow