OSVDB ID: 18916

Title: CA Multiple Products Message Queuing (CAM/CAFT) Multiple Remote Overflows

Info

Dates

Disclosure: Aug 22, 2005
Discovery: Unknown
Exploit: Oct 18, 2005
Solution: Aug 22, 2005

Description

Multiple buffer overflows exist in multiple CA products. The Message Queuing component fails to validate multiple unspecified parameters, as well as data passed to the log_security() function, resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, CA has released a patch to address this vulnerability.

Products

CA

Unicenter Performance Management for OpenVMS

2.4 SP3

AdviseIT

2.4

Advantage Data Transport

3.0

BrightStor SAN Manager

1.1
1.1 SP1
1.1 SP2
11.1

BrightStor Portal

11.1

CleverPath OLAP

5.1

CleverPath ECM

3.5

CleverPath Predictive Analysis Server

2.0
3.0

CleverPath Aion

10.0

eTrust Admin

8.1
2.01
2.04
2.07
2.09
8.0

Unicenter Application Performance Monitor

3.0
3.5

Unicenter Asset Management

3.1
3.2
3.2 SP1
3.2 SP2
4.0
4.0 SP1

Unicenter Data Transport Option

2.0

Unicenter Enterprise Job Manager

1.0 SP1
1.0 SP2

Unicenter Jasmine

3.0

Unicenter Management for WebSphere MQ

3.5

Unicenter Management for Microsoft Exchange

4.0
4.1

Unicenter Management for Lotus Notes/Domino

4.0

Unicenter Management for Web Servers

5
5.0.1

Unicenter NSM

3.0
3.1

Unicenter NSM Wireless Network Management Option

3.0

Unicenter Remote Control

6.0
6.0 SP1

Unicenter Service Level Management

3.0
3.0.1
3.0.2
3.5

Unicenter Software Delivery

3.0
3.1
3.1 SP1
3.1 SP2
4.0
4.0 SP1

Unicenter TNG

2.1
2.2
2.4
2.4.2

Unicenter TNG JPN

2.2

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/18916