Lucene search

K
saintSAINT CorporationSAINT:BB93681448CCD06400E7A1C7A13D20BC
HistoryNov 29, 2005 - 12:00 a.m.

Computer Associates Message Queuing

2005-11-2900:00:00
SAINT Corporation
my.saintcorporation.com
17

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.953

Percentile

99.4%

Added: 11/29/2005
CVE: CVE-2005-2668
BID: 14622
OSVDB: 18916

Background

The Computer Associates Message Queuing service is used internally by multiple Computer Associates products.

Problem

The Computer Associates Message Queuing service is affected by multiple buffer overflows which could result in remote command execution.

Resolution

Install the patch referenced in the security notice.

References

<http://www.kb.cert.org/vuls/id/619988&gt;

Limitations

Exploit may not work on versions other than Service Level management 3.5.

Platforms

Windows 2000
Windows XP / Windows XP SP1
Windows XP SP2
Windows Server 2003

CVSS2

10

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.953

Percentile

99.4%