| OSVDB ID | Disclosure Date | Title |
|
14323
Description:
CA License Manager contains a flaw that allows a remote attacker to create arbitrary files on the file system. The issue is due to the License Client not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the PUTOLF command.
|
2005-03-02
|
CA License Client PUTOLF Traversal Arbitrary File Creation
|
|
14320
Description:
A remote overflow exists in License Manager. The program fails to validate GCR Checksum packets resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2005-03-02
|
CA License Server/Client GCR Checksum Multiple Overflow
|
|
14321
Description:
A remote overflow exists in License Manager. The program fails to validate GCR Request packets resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2005-03-02
|
CA License Server/Client GCR Request Packet Multiple Overflows
|
|
14389
Description:
Multiple remote overflows exist in CA License Manager. The LIC98RMT.EXE component fails to validate the parameters passed to several commands, resulting in buffer overflows. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2005-03-02
|
CA License Server/Client Multiple Command Remote Overflow
|
|
21146
Description:
CA Message Queuing contains a flaw that may allow a remote denial of service. The issue is triggered when crafted messages are received on TCP port 4105, and will result in loss of availability for the service.
|
2006-02-02
|
CA Message Queuing (CAM / CAFT) Port 4105 Crafted Message DoS
|
|
21147
Description:
(Description Provided by CVE) : Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 Build 220_16 and 1.11 Build 29_20, as used in multiple CA products, allows remote attackers to cause a denial of service via spoofed CAM control messages.
|
2006-02-02
|
CA Message Queuing Spoofed CAM Control Message DoS
|
|
16027
Description:
(Description Provided by CVE) : Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock.
|
2002-04-05
|
CA MLink mlclear Command Line Argument Overflow
|
|
16028
Description:
(Description Provided by CVE) : Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earlier may allow local users to execute arbitrary code via long command line arguments to (1) mlclear or (2) mllock.
|
2002-04-05
|
CA MLink mllock Command Line Argument Overflow
|
|
45367
Description:
(Description Provided by CVE) : Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.
|
2008-05-19
|
CA Multiple Product caloggerd Log Daemon Traversal Arbitrary File Manipulation
|
|
45368
Description:
(Description Provided by CVE) : Multiple buffer overflows in xdr functions in the server in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allow remote attackers to execute arbitrary code, as demonstrated by a stack-based buffer overflow via a long parameter to the xdr_rwsstring function.
|
2008-05-19
|
CA Multiple Product xdr_rwsstring() Library Function Remote Overflow
|
|
44040
Description:
Multiple buffer overflows exist in multiple CA products. The Alert Notification Server fails to validate data passed to multiple unspecified parameters, in addition to known RPC requests, resulting in a stack overflow. With a specially crafted request, a remote authenticated attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2008-04-03
|
CA Multiple Products Alert Notification Server Multiple Unspecified Remote Overflows
|
|
16780
Description:
A remote overflow exists in multiple products which rely on Computer Associates Vet Antivirus engine. The engine fails to perform bounds checking while analyzing an OLE stream resulting in a heap overflow. With a specially crafted Microsoft Office document, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2005-05-23
|
CA Multiple Products Vet Engine OLE Stream Remote Overflow
|
|
58691
Description:
(Description Provided by CVE) : Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust EZ Antivirus r7.1; Internet Security Suite 2007 (v3) through Plus 2009; and other CA products allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted RAR archive file that triggers heap corruption, a different vulnerability than CVE-2009-3588.
|
2009-10-08
|
CA Multiple Products Anti-Virus Engine arclib Component RAR File Handling Memory Corruption DoS
|
|
38611
Description:
(Description Provided by CVE) : arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) 8 and certain other CA products allows remote attackers to cause a denial of service (infinite loop and loss of antivirus functionality) via an invalid "previous listing chunk number" field in a CHM file.
|
2007-07-24
|
CA Multiple Products arclib.dll Crafted CHM File Processing DoS
|
|
29534
Description:
(Description Provided by CVE) : Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.
|
2006-10-05
|
CA Multiple Products ASBRDCST.DLL (casdscsvc.exe) Hostname Remote Overflow
|
|
29535
Description:
(Description Provided by CVE) : Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.
|
2006-10-05
|
CA Multiple Products ASCORE.dll Long String Remote Overflow
|
|
22529
Description:
Multiple Computer Associates products that use DM Primer contain a flaw that may allow a remote denial of service. The issue is triggered when a UDP packet larger than 1000h is intercepted and recvfrom triggers an error that returns a value of -1, which will result in loss of availability of the Remote Control service.
|
2006-01-17
|
CA Multiple Products Crafted Traffic DM Primer DoS
|
|
56834
Description:
(Description Provided by CVE) : Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data.
|
2009-08-06
|
CA Multiple Products Data Transport Services Library (dtscore.dll) Token Searching Routine Remote Overflow
|
|
22530
Description:
Unknown / Incomplete
|
2006-01-17
|
CA Multiple Products DM Primer Crafted UDP Packet WSAEMESGSIZE Error Condition DoS
|
|
44423
Description:
(Description Provided by CVE) : The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in multiple CA products including BrightStor ARCServe Backup for Laptops and Desktops r11.5, Desktop Management Suite r11.1 through r11.2 C2; Unicenter r11.1 through r11.2 C2; and Desktop and Server Management r11.1 through r11.2 C2 allows remote attackers to execute arbitrary code via crafted function arguments.
|
2008-04-16
|
CA Multiple Products DSM gui_cm_ctrls ActiveX (gui_cm_ctrls.ocx) Crafted Function Arguments Arbitrary Code Execution
|
|
43214
Description:
A buffer overflow exists in multiple CA products. The DSM ListCTRL ActiveX control fails to validate input passed to the AddColumn() method, resulting in a stack overflow. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2008-03-16
|
CA Multiple Products DSM ListCtrl ActiveX (ListCtrl.ocx) AddColumn() Method Overflow
|
|
34586
Description:
A buffer overflow exists in multiple CA products. InoCore.dll fails to validate file mappings resulting in a stack overflow. With a specially crafted file mapping, a local attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2007-05-09
|
CA Multiple Products InoCore.dll File Mapping Manipulation Local Overflow
|
|
34585
Description:
A buffer overflow exists in multiple CA products. The inoweb service fails to validate the username and password resulting in a buffer overflow. With a specially crafted username or password, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2007-05-09
|
CA Multiple Products inoweb Console Server Authentication Remote Overflow
|
|
47593
Description:
(Description Provided by CVE) : The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request.
|
2008-08-12
|
CA Multiple Products kmxfw.sys Crafted IOCTL Request Local Privilege Escalation
|
|
47594
Description:
(Description Provided by CVE) : Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to "insufficient validation."
|
2008-08-12
|
CA Multiple Products kmxfw.sys Unspecified Remote DoS
|
|
18916
Description:
Multiple buffer overflows exist in multiple CA products. The Message Queuing component fails to validate multiple unspecified parameters, as well as data passed to the log_security() function, resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2005-08-22
|
CA Multiple Products Message Queuing (CAM/CAFT) Multiple Remote Overflows
|
|
18915
Description:
(Description Provided by CVE) : Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows attackers to cause a denial of service via unknown vectors, aka the "CAM TCP port vulnerability."
|
2005-08-22
|
CA Multiple Products Message Queuing (CAM/CAFT) Unspecified TCP Port DoS
|
|
38598
Description:
(Description Provided by CVE) : Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.
|
2007-07-24
|
CA Multiple Products Message Queuing Server (Cam.exe) Remote Overflow
|
|
18917
Description:
(Description Provided by CVE) : Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets.
|
2005-08-22
|
CA Multiple Products Message Queuing Spoofed CAFT Request Arbitrary Command Execution
|
|
69703
Description:
Multiple CA products are prone to an overflow condition. The "create_session_bab" SOAP operation fails to properly sanitize user-supplied input, resulting in a buffer overflow. With a specially crafted POST request to the xosoapapi.asmx process, a remote attacker can potentially execute arbitrary code.
|
2010-12-09
|
CA Multiple Products mng_core_com.dll xosoapapi.asmx create_session_bab SOAP Operation Overflow
|