Title: 32919 - Computer Associates Message Queuing (CAM/CAFT) multiple vulnerabilities CA Vulnerability ID: CAID 32919 Disclosure Date: 2005-08-19 Discovered By: CA internal audit Impact: Remote attackers can execute arbitrary code, or cause a denial of service condition. Summary: During a recent internal audit, CA discovered several vulnerability issues in the CA Message Queuing (CAM / CAFT) software. 1) Attackers can potentially exploit a CAM TCP port vulnerability to execute a Denial of Service (DoS) attack. 2) Attackers can potentially exploit multiple buffer overflow conditions to execute arbitrary code remotely with elevated privileges. 3) Attackers can potentially launch a spoofed CAFT attack, and execute arbitrary commands with elevated privileges. CA has made patches available for all affected users. These vulnerabilities affect all versions of the CA Message Queuing software prior to v1.07 Build 220_13 and v1.11 Build 29_13 on the platforms specified below. Severity: Computer Associates has given this vulnerability a High risk rating. Determining CAM versions: Simply running camstat will return the version information in the top line of the output on any platform. The camstat program is located in the "bin" subfolder of the installation directory. The example below indicates that CAM version 1.11 build 27 increment 2 is running. E:\>camstat CAM - machine.ca.com Version 1.11 (Build 27_2) up 0 days 1:16 Determining the CAM install directory: Windows: the install location is specified by the %CAI_MSQ% environment variable. Unix/Linux/Mac: the /etc/catngcampath text file holds the CAM install location. Affected products: Unicenter Performance Management for OpenVMS r2.4 SP3 AdviseIT 2.4 Advantage Data Transport 3.0 BrightStor SAN Manager 1.1, 1.1 SP1, 1.1 SP2, 11.1 BrightStor Portal 11.1 CleverPath OLAP 5.1 CleverPath ECM 3.5 CleverPath Predictive Analysis Server 2.0, 3.0 CleverPath Aion 10.0 eTrust Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1 Unicenter Application Performance Monitor 3.0, 3.5 Unicenter Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, 4.0 SP1 Unicenter Data Transport Option 2.0 Unicenter Enterprise Job Manager 1.0 SP1, 1.0 SP2 Unicenter Jasmine 3.0 Unicenter Management for WebSphere MQ 3.5 Unicenter Management for Microsoft Exchange 4.0, 4.1 Unicenter Management for Lotus Notes/Domino 4.0 Unicenter Management for Web Servers 5, 5.0.1 Unicenter NSM 3.0, 3.1 Unicenter NSM Wireless Network Management Option 3.0 Unicenter Remote Control 6.0, 6.0 SP1 Unicenter Service Level Management 3.0, 3.0.1, 3.0.2, 3.5 Unicenter Software Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, 4.0 SP1 Unicenter TNG 2.1, 2.2, 2.4, 2.4.2 Unicenter TNG JPN 2.2 Affected platforms: AIX, DG Intel, DG Motorola, DYNIX, OSF1, HP-UX, IRIX, Linux Intel, Linux s/390, Solaris Intel, Solaris Sparc, UnixWare, Windows, Apple Mac, AS/400, MVS, NetWare, OS/2, and OpenVMS. Status: Patches that completely remediate this vulnerability issue are available for all affected products. Recommendation (note that URLs may wrap): CA strongly recommends application of the appropriate patch(es). Fixes for CAM v1.11 prior to Build 29_13: http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_cam111fi xes.asp Windows QO71014 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7101 4 AIX QO71015 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7101 5 HPUX QO71016 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7101 6 Linux QO71019 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7101 9 QO71020 (RPM_i386) http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7102 0 QO71021 (RPM_ia64) http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7102 1 LinuxS390 QO71031 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7103 1 MacOSX QO71022 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7102 2 NetWare QO71023 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7102 3 OSF1 QO71024 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7102 4 SCO QO71025 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7102 5 Solaris QO71026 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7102 6 SolarisIntel QO71027 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7102 7 Fixes for CAM v1.07 prior to Build 220_13 and Fixes for CAM v1.05 (any version): http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_cam107fi xes.asp Windows QO71033 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7103 3 AIX QO71035 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7103 5 AS/400 On Request http://supportconnect.ca.com DGIntel QO71036 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7103 6 DGM88K QO71037 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7103 7 DYNIX QO71038 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7103 8 HPUX QO71040 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7104 0 IRIX QO71041 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7104 1 Linux QO71042 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7104 2 LinuxS390 QO71085 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7108 5 NCR QO71043 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7104 3 NetWare QO71044 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7104 4 OS/2 On Request http://supportconnect.ca.com OSF1 QO71045 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7104 5 SCO QO71046 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7104 6 SINIX QO71047 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7104 7 Solaris QO71048 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7104 8 SolarisIntel QO71049 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7104 9 Unixware7 QO71050 http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO7105 0 OpenVMS On Request http://supportconnect.ca.com Customers wishing to patch their Master Image CD sets should refer to the solution areas on the product home pages (http://supportconnectw.ca.com/main.asp). USD/SDO package for the CA Message Queuing vulnerability http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_faqs.asp #faqsdo UAM/AMO Definitions for the CA Message Queuing vulnerability http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_faqs.asp #faqamo CVE Reference: Pending OSVDB Reference: Pending Advisory URLs (note that URLs may wrap): CA Message Queuing Security Notice http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.a sp CA Security Advisor site: CAID 32919 - Computer Associates Message Queuing (CAM/CAFT) multiple vulnerabilities http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919 CA Message Queuing Security Notice Frequently Asked Questions http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_faqs.asp Should you require additional information, please contact CA Customer Support at http://supportconnect.ca.com. CA Customer Support North America (individual product hotlines) http://supportconnectw.ca.com/public/ca_common_docs/support_dir.pdf CA International Customer Support (individual country offices) http://www.ca.com/camap.htm Respectfully, Ken Williams ; Dir. Vuln Research Computer Associates ; 0xE2941985 Computer Associates International, Inc. (CA). One Computer Associates Plaza. Islandia, NY 11749 Contact Us http://ca.com/catalk.htm Legal Notice http://ca.com/calegal.htm Privacy Policy http://ca.com Copyright 2005 Computer Associates International, Inc. All rights reserved