ID

VAR-200508-0051

CVE

CVE-2005-2668

TITLE

Computer Associates Message Queuing software vulnerable to buffer overflows

DESCRIPTION

Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors. This may allow an attacker to escalate their privileges to SYSTEM level. CA Unicenter Management Portal provides access to enterprise management information and various Unicenter management solutions such as personalized WEB interface. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: CA Various Products Message Queuing Vulnerabilities SECUNIA ADVISORY ID: SA16513 VERIFY ADVISORY: http://secunia.com/advisories/16513/ CRITICAL: Moderately critical IMPACT: Spoofing, DoS, System access WHERE: >From local network SOFTWARE: CA Unicenter TNG 2.x http://secunia.com/product/3206/ CA Unicenter Software Delivery 4.x http://secunia.com/product/5597/ CA Unicenter Software Delivery 3.x http://secunia.com/product/5596/ CA Unicenter Service Level Management 3.x http://secunia.com/product/5595/ CA Unicenter Remote Control 6.x http://secunia.com/product/2622/ CA Unicenter Performance Management for OpenVMS 2.x http://secunia.com/product/5573/ CA Unicenter Network and Systems Management (NSM) Wireless Network Management Option 3.x http://secunia.com/product/5594/ CA Unicenter Network and Systems Management (NSM) 3.x http://secunia.com/product/1683/ CA Unicenter Management for WebSphere MQ 3.x http://secunia.com/product/5590/ CA Unicenter Management for Web Servers 5.x http://secunia.com/product/5593/ CA Unicenter Management for Microsoft Exchange 4.x http://secunia.com/product/5591/ CA Unicenter Management for Lotus Notes/Domino 4.x http://secunia.com/product/5592/ CA Unicenter Jasmine 3.x http://secunia.com/product/5589/ CA Unicenter Enterprise Job Manager 1.x http://secunia.com/product/5588/ CA Unicenter Data Transport Option 2.x http://secunia.com/product/5587/ CA Unicenter Asset Management 4.x http://secunia.com/product/1682/ CA Unicenter Asset Management 3.x http://secunia.com/product/5586/ CA Unicenter Application Performance Monitor 3.x http://secunia.com/product/5585/ CA eTrust Admin 8.x http://secunia.com/product/5584/ CA eTrust Admin 2.x http://secunia.com/product/5583/ CA CleverPath Predictive Analysis Server 3.x http://secunia.com/product/5581/ CA CleverPath Predictive Analysis Server 2.x http://secunia.com/product/5580/ CA CleverPath OLAP 5.x http://secunia.com/product/5578/ CA CleverPath Enterprise Content Manager (ECM) 3.x http://secunia.com/product/5579/ CA CleverPath Aion 10.x http://secunia.com/product/5582/ CA BrightStor SAN Manager 11.x http://secunia.com/product/5576/ CA BrightStor SAN Manager 1.x http://secunia.com/product/5575/ CA BrightStor Portal 11.x http://secunia.com/product/5577/ CA Advantage Data Transport 3.x http://secunia.com/product/5574/ DESCRIPTION: Some vulnerabilities have been reported in various products within the CA Message Queuing (CAM / CAFT) software, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system. 1) An unspecified error in the CAM service can be exploited to cause a DoS by sending specially crafted packets to the TCP port. 2) Unspecified boundary errors can be exploited to cause buffer overflows by sending specially crafted packets to the service. 3) An error can be exploited to spoof CAFT and execute arbitrary commands with escalated privileges. The vulnerabilities affect all versions of the CA Message Queuing software prior to versions 1.07 Build 220_13 and 1.11 Build 29_13. SOLUTION: Apply patches (see vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: Computer Associates: http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

other

CONFIGURATIONS

EXPLOIT AVAILABILITY

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

The discoverer of this vulnerability is currently unknown. The vendor disclosed this issue.

SOURCES

LAST UPDATE DATE

2024-08-14T13:40:04.616000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE