---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: CA Products Ingres Multiple Vulnerabilities SECUNIA ADVISORY ID: SA31398 VERIFY ADVISORY: http://secunia.com/advisories/31398/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: eTrust Directory 8.x http://secunia.com/product/7114/ CA Unicenter Software Delivery 11.x http://secunia.com/product/7120/ CA Unicenter ServicePlus Service Desk 6.x http://secunia.com/product/1684/ CA Unicenter ServicePlus Service Desk 11.x http://secunia.com/product/14602/ CA Unicenter Service Metric Analysis 11.x http://secunia.com/product/7126/ CA Unicenter Service Catalog 11.x http://secunia.com/product/7129/ CA Unicenter Remote Control 11.x http://secunia.com/product/14596/ CA Unicenter Network and Systems Management (NSM) 3.x http://secunia.com/product/1683/ CA Unicenter Network and Systems Management (NSM) 11.x http://secunia.com/product/14437/ CA Unicenter Job Management Option 11.x http://secunia.com/product/14592/ CA Unicenter Asset Management 11.x http://secunia.com/product/14589/ CA eTrust Audit 8.x http://secunia.com/product/5912/ CA eTrust Admin 8.x http://secunia.com/product/5584/ CA CleverPath Aion 10.x http://secunia.com/product/5582/ CA AllFusion Harvest Change Manager 7.x http://secunia.com/product/5905/ CA Advantage Data Transformer 2.x http://secunia.com/product/5904/ BrightStor ARCserve Backup 11.x http://secunia.com/product/312/ CA Single Sign-On 8.x http://secunia.com/product/19466/ CA Embedded Entitlements Manager 8.x http://secunia.com/product/14582/ CA Identity Manager 12.x http://secunia.com/product/19467/ CA Unicenter Workload Control Center 11.x http://secunia.com/product/19468/ DESCRIPTION: Some vulnerabilities have been reported in CA products, which can be exploited by malicious, local users to gain escalated privileges. For more information: SA31357 NOTE: The vulnerabilities do not affect Windows-based Ingres installations. The vulnerabilities are reported in the following products and versions: * Admin r8.1 SP2 * Advantage Data Transformer r2.2 * Allfusion Harvest Change Manager r7.1 * CA ARCserve Backup for Unix r11.1, r11.5 GA/SP1/SP2/SP3 * CA ARCserve Backup for Linux r11.1, r11.5 GA/SP1/SP2/SP3 * CA Directory r8.1 * CA Job Management Option R11.0 * CA Single Sign-On r8.1 * CleverPath Aion BPM r10.1, r10.2 * EEM 8.1, 8.2, 8.2.1 * eTrust Audit/SCC 8.0 sp2 * Identity Manager r12 * NSM 3.0 0305, 3.1 0403, r3.1 SP1 0703, r11 * Unicenter Asset Management r11.1, r11.2 * Unicenter Remote Control r11.2 * Unicenter Service Catalog r2.2, r11.1 * Unicenter Service Metric Analysis r11.1 * Unicenter ServicePlus Service Desk 6.0, r11, r11.1, r11.2 * Unicenter Software Delivery r11.1, r11.2 * Unicenter Workload Control Center r11 SOLUTION: Apply patches (please see vendor advisory for details). PROVIDED AND/OR DISCOVERED BY: The vendor credits iDefense Labs. ORIGINAL ADVISORY: CA: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=181989 OTHER REFERENCES: SA31357: http://secunia.com/advisories/31357/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------