CERTVU:619988Computer Associates Message Queuing software vulnerable to buffer overflows
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.4%
Overview
Computer Associates Message Queuing software contains buffer overflow conditions, which may allow a remote attacker to execute arbitrary code with elevated privileges.
Description
Computer Associates Message Queuing (CAM / CAFT) is a software component that provides messaging services. CAM provides a “store and forward” messaging framework for applications, and CAFT is an application that utilizes CAM for file transfers. Multiple Computer Associates applications use CAM / CAFT for their messaging requirements. According to the Computer Associates SupportConnect document, the following applications use CAM / CAFT:
AdviseIT 2.4
Advantage™ Data Transport 3.0
BrightStor® SAN Manager 1.1, 1.1 SP1, 1.1 SP2, 11.1
BrightStor® Portal 11.1
CleverPath™ OLAP 5.1
CleverPath™ ECM 3.5
CleverPath™ Predictive Analysis Server 2.0, 3.0
CleverPath™ Aion 10.0
eTrust™ Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1
Unicenter Performance Management for OpenVMS r2.4 SP3
Unicenter® Application Performance Monitor 3.0, 3.5
Unicenter® Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, 4.0 SP1
Unicenter® Data Transport Option 2.0
Unicenter® Enterprise Job Manager 1.0 SP1, 1.0 SP2
Unicenter® Jasmine 3.0
Unicenter® Management for WebSphere MQ 3.5
Unicenter® Management for Microsoft Exchange 4.0, 4.1
Unicenter® Management for Lotus Notes/Domino 4.0
Unicenter® Management for Web Servers 5, 5.0.1
Unicenter® NSM 3.0, 3.1
Unicenter® NSM Wireless Network Management Option 3.0
Unicenter® Remote Control 6.0, 6.0 SP1
Unicenter® Service Level Management 3.0, 3.0.1, 3.0.2, 3.5
Unicenter® Software Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, 4.0 SP1
Unicenter® TNG 2.1, 2.2, 2.4, 2.4.2
Unicenter® TNG JPN 2.2
Computer Associates CAM / CAFT contains multiple buffer overflow conditions.
Impact
A remote attacker may be able to execute arbitrary code on the CAM / CAFT system with elevated privileges.
Solution
Upgrade or patch
Please see the Computer Associates SupportConnect notice for fix availability.
Vendor Information
619988
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Computer Associates __ Affected
Updated: August 23, 2005
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
Please see the Computer Associates SupportConnect notice for fix availability.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23619988 Feedback>).
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
- <http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp>
- <http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_faqs.asp>
- <http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919>
- <http://secunia.com/advisories/16513/>
- <http://www.securityfocus.com/bid/14622>
- <http://osvdb.org/displayvuln.php?osvdb_id=18916>
- <http://securitytracker.com/alerts/2005/Aug/1014775.html>
- <http://securitytracker.com/alerts/2005/Aug/1014774.html>
- <http://securitytracker.com/alerts/2005/Aug/1014773.html>
- <http://securitytracker.com/alerts/2005/Aug/1014772.html>
- <http://securitytracker.com/alerts/2005/Aug/1014771.html>
- <http://securitytracker.com/alerts/2005/Aug/1014770.html>
- <http://securitytracker.com/alerts/2005/Aug/1014769.html>
- <http://securitytracker.com/alerts/2005/Aug/1014768.html>
- <http://securitytracker.com/alerts/2005/Aug/1014767.html>
- <http://securitytracker.com/alerts/2005/Aug/1014766.html>
- <http://securitytracker.com/alerts/2005/Aug/1014765.html>
- <http://securitytracker.com/alerts/2005/Aug/1014764.html>
- <http://securitytracker.com/alerts/2005/Aug/1014763.html>
- <http://securitytracker.com/alerts/2005/Aug/1014761.html>
- <http://securitytracker.com/alerts/2005/Aug/1014760.html>
- <http://securitytracker.com/alerts/2005/Aug/1014756.html>
- <http://www.securityfocus.com/bid/14623>
Acknowledgements
Thanks to Computer Associates for reporting this vulnerability.
This document was written by Will Dormann.
Other Information
| CVE IDs: | CVE-2005-2668 |
|---|---|
| Severity Metric: | 13.13 Date Public: |
References
osvdb.org/displayvuln.php?osvdb_id=18916
secunia.com/advisories/16513/
securitytracker.com/alerts/2005/Aug/1014756.html
securitytracker.com/alerts/2005/Aug/1014760.html
securitytracker.com/alerts/2005/Aug/1014761.html
securitytracker.com/alerts/2005/Aug/1014763.html
securitytracker.com/alerts/2005/Aug/1014764.html
securitytracker.com/alerts/2005/Aug/1014765.html
securitytracker.com/alerts/2005/Aug/1014766.html
securitytracker.com/alerts/2005/Aug/1014767.html
securitytracker.com/alerts/2005/Aug/1014768.html
securitytracker.com/alerts/2005/Aug/1014769.html
securitytracker.com/alerts/2005/Aug/1014770.html
securitytracker.com/alerts/2005/Aug/1014771.html
securitytracker.com/alerts/2005/Aug/1014772.html
securitytracker.com/alerts/2005/Aug/1014773.html
securitytracker.com/alerts/2005/Aug/1014774.html
securitytracker.com/alerts/2005/Aug/1014775.html
supportconnectw.ca.com/public/ca_common_docs/camsecurity_faqs.asp
supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp
www.securityfocus.com/bid/14622
www.securityfocus.com/bid/14623
www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
99.4%