Secunia

IBM ISS X-Force has reported a vulnerability in CA Message Queuing (CAM/CAFT), which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the CA Message Queuing Server (Cam.exe) when processing packets and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to default port 3104/TCP.

Successful exploitation allows execution of arbitrary code.

The vulnerability affects all versions of the CA Message Queuing software prior to v1.11 Build 54_4 on Windows and Netware. The following products are also affected:
* Advantage Data Transport 3.0
* BrightStor SAN Manager 11.1, 11.5
* BrightStor Portal 11.1
* CleverPath OLAP 5.1
* CleverPath ECM 3.5
* CleverPath Predictive Analysis Server 2.0, 3.0
* CleverPath Aion 10.0
* eTrust Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1
* Unicenter Application Performance Monitor 3.0, 3.5
* Unicenter Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, 4.0 SP1
* Unicenter Data Transport Option 2.0
* Unicenter Enterprise Job Manager 1.0 SP1, 1.0 SP2
* Unicenter Jasmine 3.0
* Unicenter Management for WebSphere MQ 3.5
* Unicenter Management for Microsoft Exchange 4.0, 4.1
* Unicenter Management for Lotus Notes/Domino 4.0
* Unicenter Management for Web Servers 5, 5.0.1
* Unicenter NSM 3.0, 3.1
* Unicenter NSM Wireless Network Management Option 3.0
* Unicenter Remote Control 6.0, 6.0 SP1
* Unicenter Service Level Management 3.0, 3.0.1, 3.0.2, 3.5
* Unicenter Software Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, 4.0 SP1
* Unicenter TNG 2.1, 2.2, 2.4, 2.4.2
* Unicenter TNG JPN 2.2

Solution
Apply the appropriate patches for the affected product. Please see the vendor's advisory for more details.
Further details available in Customer Area

Provided and/or discovered by
IBM ISS X-Force

Original Advisory
CA:
http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp

IBM ISS X-Force:
http://www.iss.net/threats/272.html

Deep Links
Links available in Customer Area