Secunia Security Advisory - Two vulnerabilities have been reported in various products within the CA Message Queuing (CAM / CAFT) software, which can be exploited by malicious people to cause a DoS (Denial of Service).
76a70c9a69364eeb1058891dee5f7a0847e9f7647d218785525ffe593f216a8c
TITLE:
CA Products Message Queuing Denial of Service
SECUNIA ADVISORY ID:
SA18681
VERIFY ADVISORY:
http://secunia.com/advisories/18681/
CRITICAL:
Less critical
IMPACT:
DoS
WHERE:
>From local network
SOFTWARE:
CA Advantage Data Transport 3.x
http://secunia.com/product/5574/
CA BrightStor Portal 11.x
http://secunia.com/product/5577/
CA BrightStor SAN Manager 1.x
http://secunia.com/product/5575/
CA BrightStor SAN Manager 11.x
http://secunia.com/product/5576/
CA CleverPath Aion 10.x
http://secunia.com/product/5582/
CA CleverPath Enterprise Content Manager (ECM) 3.x
http://secunia.com/product/5579/
CA CleverPath OLAP 5.x
http://secunia.com/product/5578/
CA CleverPath Predictive Analysis Server 2.x
http://secunia.com/product/5580/
CA CleverPath Predictive Analysis Server 3.x
http://secunia.com/product/5581/
CA eTrust Admin 2.x
http://secunia.com/product/5583/
CA eTrust Admin 8.x
http://secunia.com/product/5584/
CA Unicenter Application Performance Monitor 3.x
http://secunia.com/product/5585/
CA Unicenter Asset Management 3.x
http://secunia.com/product/5586/
CA Unicenter Asset Management 4.x
http://secunia.com/product/1682/
CA Unicenter Data Transport Option 2.x
http://secunia.com/product/5587/
CA Unicenter Enterprise Job Manager 1.x
http://secunia.com/product/5588/
CA Unicenter Jasmine 3.x
http://secunia.com/product/5589/
CA Unicenter Management for Lotus Notes/Domino 4.x
http://secunia.com/product/5592/
CA Unicenter Management for Microsoft Exchange 4.x
http://secunia.com/product/5591/
CA Unicenter Management for Web Servers 5.x
http://secunia.com/product/5593/
CA Unicenter Management for WebSphere MQ 3.x
http://secunia.com/product/5590/
CA Unicenter Network and Systems Management (NSM) 3.x
http://secunia.com/product/1683/
CA Unicenter Network and Systems Management (NSM) Wireless Network
Management Option 3.x
http://secunia.com/product/5594/
CA Unicenter Remote Control 6.x
http://secunia.com/product/2622/
CA Unicenter Service Level Management 3.x
http://secunia.com/product/5595/
CA Unicenter Software Delivery 3.x
http://secunia.com/product/5596/
CA Unicenter Software Delivery 4.x
http://secunia.com/product/5597/
CA Unicenter TNG 2.x
http://secunia.com/product/3206/
DESCRIPTION:
Two vulnerabilities have been reported in various products within the
CA Message Queuing (CAM / CAFT) software, which can be exploited by
malicious people to cause a DoS (Denial of Service).
1) An error in the handling of certain specially crafted messages
sent to port 4105/tcp can be exploited to cause a DoS.
2) An error in the handling CAM control messages can be exploited to
cause a DoS via spoofed CAM control messages.
The vulnerabilities have been reported in all versions of the CA CAM
software prior to version 1.07 Build 220_16, and prior to version
1.11 Build 29_20 included in the following products:
* Advantage Data Transport 3.0
* BrightStor SAN Manager 1.1, 1.1 SP1, 1.1 SP2, 11.1
* BrightStor Portal 11.1
* CleverPath OLAP 5.1
* CleverPath ECM 3.5
* CleverPath Predictive Analysis Server 2.0, 3.0
* CleverPath Aion 10.0
* eTrust Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1
* Unicenter Application Performance Monitor 3.0, 3.5
* Unicenter Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, 4.0
SP1
* Unicenter Data Transport Option 2.0
* Unicenter Enterprise Job Manager 1.0 SP1, 1.0 SP2
* Unicenter Jasmine 3.0
* Unicenter Management for WebSphere MQ 3.5
* Unicenter Management for Microsoft Exchange 4.0, 4.1
* Unicenter Management for Lotus Notes/Domino 4.0
* Unicenter Management for Web Servers 5, 5.0.1
* Unicenter NSM 3.0, 3.1
* Unicenter NSM Wireless Network Management Option 3.0
* Unicenter Remote Control 6.0, 6.0 SP1
* Unicenter Service Level Management 3.0, 3.0.1, 3.0.2, 3.5
* Unicenter Software Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, 4.0
SP1
* Unicenter TNG 2.1, 2.2, 2.4, 2.4.2
* Unicenter TNG JPN 2.2
SOLUTION:
Apply patch.
CAM v1.11 (prior to Build 29_20):
http://supportconnectw.ca.com/public/ca_common_docs/camessagsecurity_cam111fixes.asp
CAM v1.07 (prior to Build 220_16):
http://supportconnectw.ca.com/public/ca_common_docs/camessagsecurity_cam107fixes.asp
CAM v1.05 (all versions):
http://supportconnectw.ca.com/public/ca_common_docs/camessagsecurity_cam107fixes.asp
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Nicolas Pouvesle of Tenable Network Security.
ORIGINAL ADVISORY:
http://supportconnectw.ca.com/public/ca_common_docs/camessagsecurity_notice.asp
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed