CA Release Automation Code Execution

Posted Aug 31, 2018
Authored by Ken Williams, Jakub Palaczynski, Maciej Grabiec | Site www3.ca.com

CA Technologies Support is alerting customers to a potential risk with CA Release Automation. A vulnerability exists that can allow an attacker to potentially execute arbitrary code. The vulnerability has a high risk rating and concerns insecure deserialization of a specially crafted serialized object, which can allow an attacker to potentially execute arbitrary code.

tags | advisory, arbitrary
advisories | CVE-2018-15691
MD5 | 692472172e7ba35b88ea1105d50b881e

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CA20180829-03: Security Notice for CA Release Automation

Issued: August 29, 2018
Last Updated: August 29, 2018

CA Technologies Support is alerting customers to a potential risk with
CA Release Automation. A vulnerability exists that can allow an
attacker to potentially execute arbitrary code.

The vulnerability, CVE-2018-15691, has a high risk rating and concerns
insecure deserialization of a specially crafted serialized object,
which can allow an attacker to potentially execute arbitrary code.


Risk Rating

High


Platform(s)

All supported platforms


Affected Products

CA Release Automation 6.3
CA Release Automation 6.4
CA Release Automation 6.5

Note: older, unsupported releases may be affected.


Unaffected Products

CA Release Automation 6.6
CA Release Automation 6.3.0.9945 or later
CA Release Automation 6.4.0.10119 or later
CA Release Automation 6.5.0.10080 or later


How to determine if the installation is affected

Check the build number with the Help->About menu option, or determine
which fixes are applied by looking at the Fix_Maintenance directory.


Solution

CA Technologies published the following solutions to address the
vulnerabilities.

CA Release Automation 6.3:
Apply Cumulative Fix build 9945 or later.

CA Release Automation 6.4:
Apply Cumulative Fix build 10119 or later.

CA Release Automation 6.5:
Apply Cumulative Fix build 10080 or later.


References

CVE-2018-15691 - CA Release Automation deserialization vulnerability


Acknowledgement

CVE-2018-15691 - Jakub Palaczynski and Maciej Grabiec


Change History

Version 1.0: 2018-08-29 - Initial Release


Customers who require additional information about this notice may
contact CA Technologies Support at https://support.ca.com/

To report a suspected vulnerability in a CA Technologies product,
please send a summary to CA Technologies Product Vulnerability
Response at vuln <AT> ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,
Ken Williams
Vulnerability Response Director, Product Vulnerability Response Team
CA Technologies | 520 Madison Avenue, 22nd Floor, New York NY 10022


Copyright (c) 2018 CA. 520 Madison Avenue, 22nd Floor, New York, NY
10022. All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.
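
Added example, not part of CA's advisory: a triage helper that applies the fixed-build thresholds from the "Unaffected Products" list above to build strings collected from Help->About. Host names and sample builds are constructed. Treating releases the notice does not mention as "unknown" is an assumption of this sketch.

```python
import re

# Thresholds copied from the advisory's "Unaffected Products" list:
# release (major, minor) -> first fixed cumulative-fix build.
FIXED_BUILD = {(6, 3): 9945, (6, 4): 10119, (6, 5): 10080}
UNAFFECTED_RELEASE = (6, 6)
OLDEST_SUPPORTED = (6, 3)

# Four-part form used in the advisory, e.g. 6.4.0.10119; last two parts optional.
BUILD_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?\s*$")

def classify(build_string):
    """Return (status, reason) for one Help->About build string."""
    m = BUILD_RE.match(build_string or "")
    if not m:
        return "unknown", "unparseable build string"
    release = (int(m.group(1)), int(m.group(2)))
    build = int(m.group(4)) if m.group(4) else None
    if release == UNAFFECTED_RELEASE:
        return "unaffected", "6.6 is listed as unaffected"
    if release < OLDEST_SUPPORTED:
        return "possibly-affected", "older, unsupported release"
    if release not in FIXED_BUILD:
        return "unknown", "release not covered by the advisory"
    if build is None:
        return "unknown", "build number missing, check Fix_Maintenance"
    needed = FIXED_BUILD[release]
    if build >= needed:
        return "unaffected", f"build {build} >= fixed build {needed}"
    return "affected", f"apply Cumulative Fix build {needed} or later"

def triage(inventory):
    """Return (host, status, reason) rows, hosts needing action first."""
    order = {"affected": 0, "possibly-affected": 1, "unknown": 2, "unaffected": 3}
    rows = [(host, *classify(ver)) for host, ver in inventory.items()]
    return sorted(rows, key=lambda r: (order[r[1]], r[0]))

# Constructed sample inventory; host names and builds are made up.
SAMPLE = {
    "ra-mgmt-01": "6.4.0.10118",
    "ra-mgmt-02": "6.4.0.10119",
    "ra-exec-01": "6.5.0.10080",
    "ra-lab-01": "5.5.2.300",
    "ra-lab-02": "6.3",
}

if __name__ == "__main__":
    for host, status, reason in triage(SAMPLE):
        print(f"{host:12} {status:18} {reason}")
```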

