what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

CA Automic Sysload Arbitrary Command Execution

CA Automic Sysload Arbitrary Command Execution
Posted Dec 11, 2019
Authored by Raphael Rigo, Ken Williams | Site www3.ca.com

CA Technologies, A Broadcom Company, is alerting customers to a potential risk with CA Automic Sysload in the File Server component. A vulnerability exists that can allow a remote attacker to execute arbitrary commands. CA published solutions to address the vulnerability and recommends that all affected customers implement this solution. The vulnerability occurs due to a lack of authentication on the File Server port. A remote attacker may execute arbitrary commands. CA Automic Sysload versions 5.6.0, 5.8.0, 5.8.1, 6.0.0, 6.0.1, and 6.1.2 are affected.

tags | advisory, remote, arbitrary
advisories | CVE-2019-19518
SHA-256 | 7f9d760a9287eb2e921292fabe2942c4c7cd56f91f9cd5d68d19dab72173ab1e

CA Automic Sysload Arbitrary Command Execution

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

CA20191210-01: Security Notice for CA Automic Sysload

Issued: December 10th, 2019
Last Updated: December 10th, 2019

CA Technologies, A Broadcom Company, is alerting customers to a
potential risk with CA Automic Sysload in the File Server component. A
vulnerability exists that can allow a remote attacker to execute
arbitrary commands. CA published solutions to address the
vulnerability and recommends that all affected customers implement
this solution.

The vulnerability, CVE-2019-19518, occurs due to a lack of
authentication on the File Server port. A remote attacker may execute
arbitrary commands.


Risk Rating

High


Platform(s)

All supported platforms


Affected Products

CA Automic Sysload 5.6.0, 5.8.0, 5.8.1, 6.0.0, 6.0.1, 6.1.2


How to determine if the installation is affected

A customer is affected by vulnerability if the module Sysload File
Server is installed in the following versions:
5.60 (build lower than 60.13)
5.80
6.00 (build lower than 65.6)


Solution

CA Technologies published the following solutions to address the
vulnerability:

5.6.0 HF1
5.6.0 HF2
5.8.0 HF1
5.8.1 HF1
6.0.0 HF1
6.0.1 HF1
6.1.2 HF1
Those hotfixes include the module Sysload File Server in the
following versions ('readme' file):
5.60 build 60.13 (OS/400)
6.00 build 65.8 (Unix, Windows)

All of the hotfixes are available for download at Sysload downloads.


References

CVE-2019-19518 - CA Automic Sysload


Acknowledgement

CVE-2019-19518 - Raphaƫl Rigo from the Airbus Security Lab


Change History

Version 1.0: 2019-12-10 - Initial Release


CA customers may receive product alerts and advisories by subscribing
to Proactive Notifications on the support site.

Customers who require additional information about this notice may
contact CA Technologies Support at https://casupport.broadcom.com/

To report a suspected vulnerability in a CA Technologies product,
please send a summary to the CA Technologies Product Vulnerability
Response Team at ca.psirt <AT> broadcom.com

Security Notices, PGP key, disclosure policy, and related guidance can
be found at https://techdocs.broadcom.com/ca-psirt


Regards,
Ken Williams
Vulnerability and Incident Response, CA PSIRT
https://techdocs.broadcom.com/ca-psirt
Broadcom | broadcom.com | Kansas City, Missouri, USA
ken.williams <AT> broadcom.com | ca.psirt <AT> broadcom.com


Copyright © 2019 Broadcom. All Rights Reserved. The term “Broadcom”
refers to Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse
logo, Connecting everything, CA Technologies and the CA technologies
logo are among the trademarks of Broadcom. All trademarks, trade names,
service marks and logos referenced herein belong to their respective
companies.

-----BEGIN PGP SIGNATURE-----
Version: Encryption Desktop 10.3.2 (Build 15238)
Charset: utf-8

wsBVAwUBXfDwDLZ6yOO9o8STAQiXVAf8DSLtflogd+hHtRQRr3mJUZ7FUxJhrkI7
X1V99aL0XX83rVLf/UXNf0wM9WjEJAZTB1KXTzhI9jJQtVXLJiDnxLbEmxhDAuIJ
DNXcOssbiFRWqZShh8H0/EBr9H8xcW+rwhDoHLaaJK/sRyy/LB305/6x4SmyzASc
+K2uTaPg8A7IwH5kosjZorHmuHHbB/S7Y/GuZ7Wz+RFHYHtTnb+1h7VLMCnaxMgb
ur+6oP5LVuCRROJ1kGgiS+ryrdMZuy8XCsZ1LbhoA0yOOcftGUd1gnD3jTCH2YFM
Q23cLNuucwP46x/PLRDRA3b2dEYi6cHPyPe7Y+k60wSV8kr1nX2u2Q==
=VWEC
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close