Impact: A remote attacker can execute arbitrary code.
Summary: Multiple CA products that utilize CA Message Queuing
(CAM / CAFT) software contain a buffer overflow vulnerability. The
vulnerability, CVE-2007-0060, is a buffer overflow that can allow
a remote attacker to execute arbitrary code by sending a specially
crafted message to TCP port 3104.
Mitigating Factors: None
Severity: CA has given this vulnerability a High risk rating.
Affected Versions of CA Message Queuing (CAM / CAFT):
This vulnerability affects all versions of the CA Message Queuing
software prior to v1.11 Build 54_4 on the specified platforms.
i.e. CAM versions 1.04, 1.05, 1.06, 1.07, 1.10 (prior to Build
54_4) and 1.11 (prior to Build 54_4).
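Affected Products:
Advantage Data Transport 3.0
BrightStor SAN Manager 11.1, 11.5
BrightStor Portal 11.1
CleverPath OLAP 5.1
CleverPath ECM 3.5
CleverPath Predictive Analysis Server 2.0, 3.0
CleverPath Aion 10.0
eTrust Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1
Unicenter Application Performance Monitor 3.0, 3.5
Unicenter Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, 4.0 SP1
Unicenter Data Transport Option 2.0
Unicenter Enterprise Job Manager 1.0 SP1, 1.0 SP2
Unicenter Jasmine 3.0
Unicenter Management for WebSphere MQ 3.5
Unicenter Management for Microsoft Exchange 4.0, 4.1
Unicenter Management for Lotus Notes/Domino 4.0
Unicenter Management for Web Servers 5, 5.0.1
Unicenter NSM 3.0, 3.1
Unicenter NSM Wireless Network Management Option 3.0
Unicenter Remote Control 6.0, 6.0 SP1
Unicenter Service Level Management 3.0, 3.0.1, 3.0.2, 3.5
Unicenter Software Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, 4.0 SP1
Unicenter TNG 2.1, 2.2, 2.4, 2.4.2
Unicenter TNG JPN 2.2
Affected Platforms:
Windows and NetWare
Platforms NOT affected: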
AIX, AS/400, DG Intel, DG Motorola, DYNIX, HP-UX, IRIX,
Linux Intel, Linux s/390, MVS, Open VMS, OS/2, OSF1,
Solaris Intel, Solaris Sparc and UnixWare.
Status and Recommendation:
CA has made patches available for all affected products. These
patches are independent of the CA Software that installed CAM.
Simply select the patch appropriate to the platform, and the
installed version of CAM, and follow the patch application
instructions. You should also review the product home pages on
SupportConnect for any additional product-specific instructions.
Solutions for CAM:
   Platform    Solution
   Windows     QO89945
   NetWare     QO89943
How to determine if you are affected:
Determining CAM versions:
Simply running camstat will return the version information in the
top line of the output on any platform. The camstat command is
located in the bin subfolder of the installation directory.
The example below indicates that CAM version 1.11 build 27
increment 2 is running.
   E:\>camstat
   CAM – machine.ca.com Version 1.11 (Build 27_2) up 0 days 1:16
Determining the CAM install directory:
Windows: The install location is specified by the %CAI_MSQ%
environment variable.
Unix/Linux/Mac: The /etc/catngcampath text file holds the CAM
install location.
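
The version check described above, written out as an added example (not
part of CA's advisory or tooling): it parses the top line of camstat
output and applies the advisory's "prior to v1.11 Build 54_4" rule. The
function names, the status strings and the free-form platform label are
assumptions of this example; every banner except the advisory's own is
constructed.

```python
import re
from typing import NamedTuple, Optional

# Build threshold stated in the advisory: releases before v1.11 Build 54_4.
FIXED_BUILD = (54, 4)
# Releases the advisory qualifies with "(prior to Build 54_4)".
BUILD_GATED_RELEASES = {(1, 10), (1, 11)}
# "Platforms NOT affected" list from the advisory, lower-cased for matching.
NOT_AFFECTED_PLATFORMS = {
    "aix", "as/400", "dg intel", "dg motorola", "dynix", "hp-ux", "irix",
    "linux intel", "linux s/390", "mvs", "open vms", "os/2", "osf1",
    "solaris intel", "solaris sparc", "unixware",
}
# Version field of the camstat banner, e.g. "Version 1.11 (Build 27_2)".
VERSION_RE = re.compile(r"Version\s+(\d+)\.(\d+)\s+\(Build\s+(\d+)_(\d+)\)")


class CamVersion(NamedTuple):
    major: int
    minor: int
    build: int
    increment: int


def parse_camstat_banner(output: str) -> Optional[CamVersion]:
    """Parse the first non-blank line of camstat output; None if no match."""
    for line in output.splitlines():
        if line.strip():
            match = VERSION_RE.search(line)
            return CamVersion(*map(int, match.groups())) if match else None
    return None


def is_affected_version(v: CamVersion) -> bool:
    """Apply the advisory's affected-version list to a parsed version."""
    release = (v.major, v.minor)
    if release < (1, 10):            # 1.04 to 1.07: listed without a build limit
        return True
    if release in BUILD_GATED_RELEASES:
        return (v.build, v.increment) < FIXED_BUILD
    return False                     # releases after 1.11


def assess(camstat_output: str, platform: str) -> str:
    """Return 'platform-not-affected', 'unknown', 'affected' or 'fixed'."""
    if platform.strip().lower() in NOT_AFFECTED_PLATFORMS:
        return "platform-not-affected"
    version = parse_camstat_banner(camstat_output)
    if version is None:
        # An unreadable banner is not evidence of a fixed build.
        return "unknown"
    return "affected" if is_affected_version(version) else "fixed"


if __name__ == "__main__":
    samples = [
        # Banner quoted in the advisory.
        ("CAM – machine.ca.com Version 1.11 (Build 27_2) up 0 days 1:16", "Windows"),
        # Constructed banners for the remaining branches.
        ("CAM – host.example Version 1.11 (Build 54_4) up 3 days 0:02", "NetWare"),
        ("CAM – host.example Version 1.10 (Build 54_3) up 0 days 0:10", "Windows"),
        ("CAM – host.example Version 1.07 (Build 220_13) up 1 days 4:00", "Windows"),
        ("camstat: unable to contact CAM", "Windows"),
    ]
    for banner, platform in samples:
        print(f"{assess(banner, platform):22} {platform:8} {banner}")
```
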
Workaround:
The affected listening port can be disabled by creating or
updating CAM's configuration file, CAM.CFG, with the following
entry under the "*CONFIG" section:
   *CONFIG
   cas_port=0
The CA Messaging Server must be recycled in order for this to take
effect. We advise that products dependent upon CAM should be
shut down prior to recycling CAM. Once dependent products have
been shut down, CAM can be recycled with the following commands:
   On Windows:
      camclose
      cam start
   On NetWare:
      load camclose
      load cam start
Once CAM has been restarted, any CAM-dependent products that were
shut down can be restarted.
References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
Security Notice for CA Message Queuing (CAM / CAFT) vulnerability
http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp
Solution Document Reference APARs:
QO89945, QO89943
CA Security Advisor posting:
CA Message Queuing (CAM / CAFT) Buffer Overflow Vulnerability
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809
CA Vuln ID (CAID): 35527
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35527
Reported By: Paul Mehta of ISS X-Force
ISS X-Force advisory:
Computer Associates (CA) Message Queuing buffer overflow
http://iss.net/threats/272.html
http://xforce.iss.net/xforce/xfdb/32234
CVE References:
CVE-2007-0060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0060
OSVDB References: Pending
http://osvdb.org/
Changelog for this advisory:
v1.0 - Initial Release
Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.
For technical questions or comments related to this advisory,
please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your
findings to vuln AT ca DOT com, or utilize our "Submit a
Vulnerability" form.
URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx
Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/
Legal Notice http://www.ca.com/us/legal/
Privacy Policy http://www.ca.com/us/privacy/
Copyright (c) 2007 CA. All rights reserved.