TITLE: CA Products Message Queuing Denial of Service SECUNIA ADVISORY ID: SA18681 VERIFY ADVISORY: http://secunia.com/advisories/18681/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network SOFTWARE: CA Advantage Data Transport 3.x http://secunia.com/product/5574/ CA BrightStor Portal 11.x http://secunia.com/product/5577/ CA BrightStor SAN Manager 1.x http://secunia.com/product/5575/ CA BrightStor SAN Manager 11.x http://secunia.com/product/5576/ CA CleverPath Aion 10.x http://secunia.com/product/5582/ CA CleverPath Enterprise Content Manager (ECM) 3.x http://secunia.com/product/5579/ CA CleverPath OLAP 5.x http://secunia.com/product/5578/ CA CleverPath Predictive Analysis Server 2.x http://secunia.com/product/5580/ CA CleverPath Predictive Analysis Server 3.x http://secunia.com/product/5581/ CA eTrust Admin 2.x http://secunia.com/product/5583/ CA eTrust Admin 8.x http://secunia.com/product/5584/ CA Unicenter Application Performance Monitor 3.x http://secunia.com/product/5585/ CA Unicenter Asset Management 3.x http://secunia.com/product/5586/ CA Unicenter Asset Management 4.x http://secunia.com/product/1682/ CA Unicenter Data Transport Option 2.x http://secunia.com/product/5587/ CA Unicenter Enterprise Job Manager 1.x http://secunia.com/product/5588/ CA Unicenter Jasmine 3.x http://secunia.com/product/5589/ CA Unicenter Management for Lotus Notes/Domino 4.x http://secunia.com/product/5592/ CA Unicenter Management for Microsoft Exchange 4.x http://secunia.com/product/5591/ CA Unicenter Management for Web Servers 5.x http://secunia.com/product/5593/ CA Unicenter Management for WebSphere MQ 3.x http://secunia.com/product/5590/ CA Unicenter Network and Systems Management (NSM) 3.x http://secunia.com/product/1683/ CA Unicenter Network and Systems Management (NSM) Wireless Network Management Option 3.x http://secunia.com/product/5594/ CA Unicenter Remote Control 6.x http://secunia.com/product/2622/ CA Unicenter Service Level Management 3.x http://secunia.com/product/5595/ CA Unicenter Software Delivery 3.x http://secunia.com/product/5596/ CA Unicenter Software Delivery 4.x http://secunia.com/product/5597/ CA Unicenter TNG 2.x http://secunia.com/product/3206/ DESCRIPTION: Two vulnerabilities have been reported in various products within the CA Message Queuing (CAM / CAFT) software, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the handling of certain specially crafted messages sent to port 4105/tcp can be exploited to cause a DoS. 2) An error in the handling CAM control messages can be exploited to cause a DoS via spoofed CAM control messages. The vulnerabilities have been reported in all versions of the CA CAM software prior to version 1.07 Build 220_16, and prior to version 1.11 Build 29_20 included in the following products: * Advantage Data Transport 3.0 * BrightStor SAN Manager 1.1, 1.1 SP1, 1.1 SP2, 11.1 * BrightStor Portal 11.1 * CleverPath OLAP 5.1 * CleverPath ECM 3.5 * CleverPath Predictive Analysis Server 2.0, 3.0 * CleverPath Aion 10.0 * eTrust Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1 * Unicenter Application Performance Monitor 3.0, 3.5 * Unicenter Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, 4.0 SP1 * Unicenter Data Transport Option 2.0 * Unicenter Enterprise Job Manager 1.0 SP1, 1.0 SP2 * Unicenter Jasmine 3.0 * Unicenter Management for WebSphere MQ 3.5 * Unicenter Management for Microsoft Exchange 4.0, 4.1 * Unicenter Management for Lotus Notes/Domino 4.0 * Unicenter Management for Web Servers 5, 5.0.1 * Unicenter NSM 3.0, 3.1 * Unicenter NSM Wireless Network Management Option 3.0 * Unicenter Remote Control 6.0, 6.0 SP1 * Unicenter Service Level Management 3.0, 3.0.1, 3.0.2, 3.5 * Unicenter Software Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, 4.0 SP1 * Unicenter TNG 2.1, 2.2, 2.4, 2.4.2 * Unicenter TNG JPN 2.2 SOLUTION: Apply patch. CAM v1.11 (prior to Build 29_20): http://supportconnectw.ca.com/public/ca_common_docs/camessagsecurity_cam111fixes.asp CAM v1.07 (prior to Build 220_16): http://supportconnectw.ca.com/public/ca_common_docs/camessagsecurity_cam107fixes.asp CAM v1.05 (all versions): http://supportconnectw.ca.com/public/ca_common_docs/camessagsecurity_cam107fixes.asp PROVIDED AND/OR DISCOVERED BY: The vendor credits Nicolas Pouvesle of Tenable Network Security. ORIGINAL ADVISORY: http://supportconnectw.ca.com/public/ca_common_docs/camessagsecurity_notice.asp ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------