CA Unicenter pdmcgi.exe Information Disclosure

2003-06-04T00:00:00
ID OSVDB:3246
Type osvdb
Reporter OSVDB
Modified 2003-06-04T00:00:00

Description

Vulnerability Description

Unicenter ServicePlus Service Desk allows a remote attacker to obtain sensitive information. The issue is due to poor sanity checking in the pdmcgi.exe script. If an attacker provides a specially crafted query, the script will return all requests being made. This output may contain sensitive information that aids in further attacks.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Computer Associates has released a patch to address this vulnerability.

Windows: QI39685
Unix: QI39850

References:

Vendor Specific Solution URL: http://esupport.ca.com/
Secunia Advisory ID: 9015
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-06/0029.html
ISS X-Force ID: 12245
Bugtraq ID: 7817