---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: CA Products Data Transport Services Buffer Overflow SECUNIA ADVISORY ID: SA36142 VERIFY ADVISORY: http://secunia.com/advisories/36142/ DESCRIPTION: A vulnerability has been reported in multiple CA products, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to a boundary error in the "dtscore" library from the Data Transport Services implementation and can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in the following products and versions: * CA Software Delivery r11.2 C1, C2, C3, and SP4 * Unicenter Software Delivery 4.0 C3 * CA Advantage Data Transport 3.0 C1 * CA IT Client Manager r12 SOLUTION: Apply vendor patches. -- CA Software Delivery r11.2 C1 and C2 -- Update to to r11.2 C3 and apply RO08984 or update to r11.2 SP4 and apply RO08956. -- CA Software Delivery r11.2 C3 -- Apply RO08984: http://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO08984 -- CA Software Delivery r11.2 SP4 -- Apply RO08956: http://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO08956 -- Unicenter Software Delivery 4.0 C3 and CA Advantage Data Transport 3.0 C1 -- Apply RO08976: http://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO08976 -- CA IT Client Manager r12 -- Apply RO10086: http://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO10086 PROVIDED AND/OR DISCOVERED BY: The vendor credits Orlando Padilla and Peter Silberman of Breakpoint Security working with ZDI. ORIGINAL ADVISORY: CA20090806-01: http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------