TITLE:
CA Various Products Message Queuing Vulnerabilities

SECUNIA ADVISORY ID:
SA16513

VERIFY ADVISORY:
http://secunia.com/advisories/16513/

CRITICAL:
Moderately critical

IMPACT:
Spoofing, DoS, System access

WHERE:
From local network

SOFTWARE:
CA Unicenter TNG 2.x
http://secunia.com/product/3206/
CA Unicenter Software Delivery 4.x
http://secunia.com/product/5597/
CA Unicenter Software Delivery 3.x
http://secunia.com/product/5596/
CA Unicenter Service Level Management 3.x
http://secunia.com/product/5595/
CA Unicenter Remote Control 6.x
http://secunia.com/product/2622/
CA Unicenter Performance Management for OpenVMS 2.x
http://secunia.com/product/5573/
CA Unicenter Network and Systems Management (NSM) Wireless Network Management Option 3.x
http://secunia.com/product/5594/
CA Unicenter Network and Systems Management (NSM) 3.x
http://secunia.com/product/1683/
CA Unicenter Management for WebSphere MQ 3.x
http://secunia.com/product/5590/
CA Unicenter Management for Web Servers 5.x
http://secunia.com/product/5593/
CA Unicenter Management for Microsoft Exchange 4.x
http://secunia.com/product/5591/
CA Unicenter Management for Lotus Notes/Domino 4.x
http://secunia.com/product/5592/
CA Unicenter Jasmine 3.x
http://secunia.com/product/5589/
CA Unicenter Enterprise Job Manager 1.x
http://secunia.com/product/5588/
CA Unicenter Data Transport Option 2.x
http://secunia.com/product/5587/
CA Unicenter Asset Management 4.x
http://secunia.com/product/1682/
CA Unicenter Asset Management 3.x
http://secunia.com/product/5586/
CA Unicenter Application Performance Monitor 3.x
http://secunia.com/product/5585/
CA eTrust Admin 8.x
http://secunia.com/product/5584/
CA eTrust Admin 2.x
http://secunia.com/product/5583/
CA CleverPath Predictive Analysis Server 3.x
http://secunia.com/product/5581/
CA CleverPath Predictive Analysis Server 2.x
http://secunia.com/product/5580/
CA CleverPath OLAP 5.x
http://secunia.com/product/5578/
CA CleverPath Enterprise Content Manager (ECM) 3.x
http://secunia.com/product/5579/
CA CleverPath Aion 10.x
http://secunia.com/product/5582/
CA BrightStor SAN Manager 11.x
http://secunia.com/product/5576/
CA BrightStor SAN Manager 1.x
http://secunia.com/product/5575/
CA BrightStor Portal 11.x
http://secunia.com/product/5577/
CA Advantage Data Transport 3.x
http://secunia.com/product/5574/

DESCRIPTION:
Some vulnerabilities have been reported in various products within
the CA Message Queuing (CAM / CAFT) software, which can be exploited
by malicious people to cause a DoS (Denial of Service) or compromise
a vulnerable system.

1) An unspecified error in the CAM service can be exploited to cause
a DoS by sending specially crafted packets to the TCP port.

2) Unspecified boundary errors can be exploited to cause buffer
overflows by sending specially crafted packets to the service.

Successful exploitation allows execution of arbitrary code.

3) An error can be exploited to spoof CAFT and execute arbitrary
commands with escalated privileges.

The vulnerabilities affect all versions of the CA Message Queuing
software prior to versions 1.07 Build 220_13 and 1.11 Build 29_13.

SOLUTION:
Apply patches (see vendor advisory for details).

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
Computer Associates:
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp
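
Added example (not part of the Secunia or Computer Associates advisory): a triage helper that classifies CA Message Queuing version strings from an asset inventory against the two fixed builds named in the DESCRIPTION. It assumes versions are recorded in the advisory's "1.07 Build 220_13" form and that build identifiers compare numerically field by field; the function names, status labels and sample inventory are constructed for illustration.

```python
import re

# Fixed builds named in the advisory, keyed by release branch (major, minor).
FIXED = {(1, 7): (220, 13), (1, 11): (29, 13)}

# Assumption: inventory strings follow the advisory's "1.07 Build 220_13" form.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\s+Build\s+(\d+)_(\d+)\s*$", re.IGNORECASE)


def parse_cam_version(text):
    """Return ((major, minor), (build, sub)), or None if the string is not recognised."""
    m = _VERSION_RE.match(text)
    if not m:
        return None
    major, minor, build, sub = (int(g) for g in m.groups())
    return (major, minor), (build, sub)


def classify(text):
    """Classify one version string as vulnerable, patched, check-vendor or unparsed."""
    parsed = parse_cam_version(text)
    if parsed is None:
        return "unparsed"          # never assume an unreadable version is safe
    branch, build = parsed
    if branch in FIXED:
        # Same branch as a fixed release: compare build identifiers as tuples.
        return "patched" if build >= FIXED[branch] else "vulnerable"
    if branch < min(FIXED):
        return "vulnerable"        # older than the earliest fixed branch
    # Branches the advisory does not name: confirm against the vendor notice.
    return "check-vendor"


def triage(inventory):
    """Map each host in a {host: version_string} inventory to its status."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory; host names and versions are illustrative only.
SAMPLE_INVENTORY = {
    "nsm-01": "1.07 Build 220_13",
    "nsm-02": "1.07 Build 220_12",
    "usd-01": "1.11 Build 28_20",
    "uam-01": "1.05 Build 300_1",
    "etr-01": "not installed",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as "unparsed" or "check-vendor" need manual confirmation against the vendor advisory before they are treated as remediated.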