TITLE:
CA Message Queuing Server Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA26190

VERIFY ADVISORY:
http://secunia.com/advisories/26190/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From local network

SOFTWARE:
CA Unicenter Jasmine 3.x
http://secunia.com/product/5589/
CA Unicenter Enterprise Job Manager 1.x
http://secunia.com/product/5588/
CA Unicenter Data Transport Option 2.x
http://secunia.com/product/5587/
CA Unicenter Asset Management 4.x
http://secunia.com/product/1682/
CA Unicenter Asset Management 3.x
http://secunia.com/product/5586/
CA Unicenter Application Performance Monitor 3.x
http://secunia.com/product/5585/
CA eTrust Admin 8.x
http://secunia.com/product/5584/
CA eTrust Admin 2.x
http://secunia.com/product/5583/
CA CleverPath Predictive Analysis Server 3.x
http://secunia.com/product/5581/
CA CleverPath Predictive Analysis Server 2.x
http://secunia.com/product/5580/
CA CleverPath OLAP 5.x
http://secunia.com/product/5578/
CA CleverPath Enterprise Content Manager (ECM) 3.x
http://secunia.com/product/5579/
CA CleverPath Aion 10.x
http://secunia.com/product/5582/
CA BrightStor SAN Manager 11.x
http://secunia.com/product/5576/
CA BrightStor Portal 11.x
http://secunia.com/product/5577/
CA Advantage Data Transport 3.x
http://secunia.com/product/5574/
CA Unicenter Management for WebSphere MQ 3.x
http://secunia.com/product/5590/
CA Unicenter Management for Microsoft Exchange 4.x
http://secunia.com/product/5591/
CA Unicenter Management for Lotus Notes/Domino 4.x
http://secunia.com/product/5592/
CA Unicenter Management for Web Servers 5.x
http://secunia.com/product/5593/
CA Unicenter Network and Systems Management (NSM) 3.x
http://secunia.com/product/1683/
CA Unicenter Network and Systems Management (NSM) Wireless Network Management Option 3.x
http://secunia.com/product/5594/
CA Unicenter Remote Control 6.x
http://secunia.com/product/2622/
CA Unicenter Service Level Management 3.x
http://secunia.com/product/5595/
CA Unicenter Software Delivery 4.x
http://secunia.com/product/5597/
CA Unicenter Software Delivery 3.x
http://secunia.com/product/5596/
CA Unicenter TNG 2.x
http://secunia.com/product/3206/

DESCRIPTION:
IBM ISS X-Force has reported a vulnerability in CA Message Queuing (CAM/CAFT), which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error in the CA Message Queuing Server (Cam.exe) when processing packets and can be exploited to cause a stack-based buffer overflow via a specially crafted packet sent to default port 3104/TCP.

Successful exploitation allows execution of arbitrary code.

The vulnerability affects all versions of the CA Message Queuing software prior to v1.11 Build 54_4 on Windows and Netware.
The following products are also affected:
* Advantage Data Transport 3.0
* BrightStor SAN Manager 11.1, 11.5
* BrightStor Portal 11.1
* CleverPath OLAP 5.1
* CleverPath ECM 3.5
* CleverPath Predictive Analysis Server 2.0, 3.0
* CleverPath Aion 10.0
* eTrust Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1
* Unicenter Application Performance Monitor 3.0, 3.5
* Unicenter Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, 4.0 SP1
* Unicenter Data Transport Option 2.0
* Unicenter Enterprise Job Manager 1.0 SP1, 1.0 SP2
* Unicenter Jasmine 3.0
* Unicenter Management for WebSphere MQ 3.5
* Unicenter Management for Microsoft Exchange 4.0, 4.1
* Unicenter Management for Lotus Notes/Domino 4.0
* Unicenter Management for Web Servers 5, 5.0.1
* Unicenter NSM 3.0, 3.1
* Unicenter NSM Wireless Network Management Option 3.0
* Unicenter Remote Control 6.0, 6.0 SP1
* Unicenter Service Level Management 3.0, 3.0.1, 3.0.2, 3.5
* Unicenter Software Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, 4.0 SP1
* Unicenter TNG 2.1, 2.2, 2.4, 2.4.2
* Unicenter TNG JPN 2.2

SOLUTION:
Apply the appropriate patches for the affected product. Please see the vendor's advisory for more details.

CAM (Windows):
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO89945

CAM (Netware):
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO89943

PROVIDED AND/OR DISCOVERED BY:
IBM ISS X-Force

ORIGINAL ADVISORY:
CA:
http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp

IBM ISS X-Force:
http://www.iss.net/threats/272.html
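
ADDED EXAMPLE (not part of the Secunia or CA advisory):
Triage of an asset inventory against the fixed release named in the description, v1.11 Build 54_4, ranking unpatched hosts that also listen on the default CAM port 3104/TCP first. The version-string notation, the assumption that build numbers increase with each release, and the host records are constructed for illustration.

```python
import re

# Fixed release named in the advisory: v1.11 Build 54_4.
FIXED = (1, 11, 54, 4)
CAM_PORT = 3104  # default CAM/CAFT port named in the advisory

# Assumed notation, taken from the advisory's own wording:
# "v<major>.<minor> Build <build>_<rev>". Real tool output may differ.
VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\s+Build\s+(\d+)_(\d+)", re.I)


def parse_cam_version(text):
    """Return (major, minor, build, rev), or None if the string is not recognised."""
    m = VERSION_RE.search(text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def triage(inventory):
    """Classify each host record as 'patch-first', 'patch', 'ok' or 'unknown'."""
    result = {}
    for rec in inventory:
        version = parse_cam_version(rec.get("cam_version"))
        if version is None:
            # Missing or unparseable version: unverified, never assumed safe.
            result[rec["host"]] = "unknown"
        elif version >= FIXED:
            # Numeric tuple comparison, so 1.7 sorts below 1.11.
            result[rec["host"]] = "ok"
        elif CAM_PORT in rec.get("listening_tcp", ()):
            # Unpatched build with the CAM port listening on the network.
            result[rec["host"]] = "patch-first"
        else:
            result[rec["host"]] = "patch"
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = [
    {"host": "nsm-01", "cam_version": "v1.07 Build 220_13", "listening_tcp": [3104, 445]},
    {"host": "usd-02", "cam_version": "1.11 Build 54_4", "listening_tcp": [3104]},
    {"host": "ecm-03", "cam_version": "v1.11 Build 29_13", "listening_tcp": []},
    {"host": "tng-04", "cam_version": "not recorded", "listening_tcp": [3104]},
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" need a manual version check before they are treated as patched.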