CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.4%
Computer Associates Message Queuing software contains buffer overflow conditions, which may allow a remote attacker to execute arbitrary code with elevated privileges.
Computer Associates Message Queuing (CAM / CAFT) is a software component that provides messaging services. CAM provides a “store and forward” messaging framework for applications, and CAFT is an application that utilizes CAM for file transfers. Multiple Computer Associates applications use CAM / CAFT for their messaging requirements. According to the Computer Associates SupportConnect document, the following applications use CAM / CAFT:
AdviseIT 2.4
Advantage™ Data Transport 3.0
BrightStor® SAN Manager 1.1, 1.1 SP1, 1.1 SP2, 11.1
BrightStor® Portal 11.1
CleverPath™ OLAP 5.1
CleverPath™ ECM 3.5
CleverPath™ Predictive Analysis Server 2.0, 3.0
CleverPath™ Aion 10.0
eTrust™ Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1
Unicenter Performance Management for OpenVMS r2.4 SP3
Unicenter® Application Performance Monitor 3.0, 3.5
Unicenter® Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, 4.0 SP1
Unicenter® Data Transport Option 2.0
Unicenter® Enterprise Job Manager 1.0 SP1, 1.0 SP2
Unicenter® Jasmine 3.0
Unicenter® Management for WebSphere MQ 3.5
Unicenter® Management for Microsoft Exchange 4.0, 4.1
Unicenter® Management for Lotus Notes/Domino 4.0
Unicenter® Management for Web Servers 5, 5.0.1
Unicenter® NSM 3.0, 3.1
Unicenter® NSM Wireless Network Management Option 3.0
Unicenter® Remote Control 6.0, 6.0 SP1
Unicenter® Service Level Management 3.0, 3.0.1, 3.0.2, 3.5
Unicenter® Software Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, 4.0 SP1
Unicenter® TNG 2.1, 2.2, 2.4, 2.4.2
Unicenter® TNG JPN 2.2
Computer Associates CAM / CAFT contains multiple buffer overflow conditions.
A remote attacker may be able to execute arbitrary code on the CAM / CAFT system with elevated privileges.
Upgrade or patch
Please see the Computer Associates SupportConnect notice for fix availability.
619988
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: August 23, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see the Computer Associates SupportConnect notice for fix availability.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23619988 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
Thanks to Computer Associates for reporting this vulnerability.
This document was written by Will Dormann.
CVE IDs: | CVE-2005-2668 |
---|---|
Severity Metric: | 13.13 Date Public: |
osvdb.org/displayvuln.php?osvdb_id=18916
secunia.com/advisories/16513/
securitytracker.com/alerts/2005/Aug/1014756.html
securitytracker.com/alerts/2005/Aug/1014760.html
securitytracker.com/alerts/2005/Aug/1014761.html
securitytracker.com/alerts/2005/Aug/1014763.html
securitytracker.com/alerts/2005/Aug/1014764.html
securitytracker.com/alerts/2005/Aug/1014765.html
securitytracker.com/alerts/2005/Aug/1014766.html
securitytracker.com/alerts/2005/Aug/1014767.html
securitytracker.com/alerts/2005/Aug/1014768.html
securitytracker.com/alerts/2005/Aug/1014769.html
securitytracker.com/alerts/2005/Aug/1014770.html
securitytracker.com/alerts/2005/Aug/1014771.html
securitytracker.com/alerts/2005/Aug/1014772.html
securitytracker.com/alerts/2005/Aug/1014773.html
securitytracker.com/alerts/2005/Aug/1014774.html
securitytracker.com/alerts/2005/Aug/1014775.html
supportconnectw.ca.com/public/ca_common_docs/camsecurity_faqs.asp
supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp
www.securityfocus.com/bid/14622
www.securityfocus.com/bid/14623
www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919