CA20091208-01: Security Notice for CA Service Desk

2009-12-10T00:00:00
ID SECURITYVULNS:DOC:22915
Type securityvulns
Reporter Securityvulns
Modified 2009-12-10T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE-----

CA20091208-01: Security Notice for CA Service Desk

Issued: December 8, 2009

CA's support is alerting customers to a security risk with CA Service Desk. A cross-site scripting vulnerability exists that can allow a remote attacker to potentially gain sensitive information. CA has issued patches to address the vulnerability.

The vulnerability, CVE-2009-4149, is due to insufficient verification of a web interface variable. An attacker, who can lure a user into following a URL, can conduct cross-site scripting.

Risk Rating

Low

Platforms

Windows, AIX, HP, Sun, Linux

Affected Products

CA Service Desk 12.1

How to determine if the installation is affected

CA Service Desk 12.1

Windows Environment:

  1. Locate the files "webengine.exe" and "freeaccess.spl". The files are located in the "$NX_ROOT\bin" and "$NX_ROOT\bopcfg\www" directory respectively.
  2. Right click on each of the files and select Properties.
  3. Select the General tab.
  4. If either file timestamp is earlier than indicated in the below table, the installation is vulnerable.

File Name Timestamp Size Size on disk

webengine.exe 10/30/2009 12:11:16 PM 2936832 bytes 2936832 bytes

freeaccess.spl 10/23/2009 11:24:08 AM 1010489 bytes 1011712 bytes

AIX Environment:

  1. Locate the files "webengine" and "freeaccess.spl". The files are located in the "$NX_ROOT/bin" and "$NX_ROOT/bopcfg/www" directory respectively.
  2. Right click on each of the files and select Properties.
  3. Select the General tab.
  4. If either file timestamp is earlier than indicated in the below table, the installation is vulnerable.

File Name Timestamp Size Size on disk

webengine 11/03/2009 4:58:00 AM 7698261 bytes 7700480 bytes

freeaccess.spl 10/26/2009 5:32:00 AM 1010490 bytes 1011712 bytes

HP Environment:

  1. Locate the files "webengine" and "freeaccess.spl". The files are located in the "$NX_ROOT/bin" and "$NX_ROOT/bopcfg/www" directory respectively.
  2. Right click on each of the files and select Properties.
  3. Select the General tab.
  4. If either file timestamp is earlier than indicated in the below table, the installation is vulnerable.

File Name Timestamp Size Size on disk

webengine 11/03/2009 5:25:00 AM 6635681 bytes 7700480 bytes

freeaccess.spl 10/27/2009 1:20:00 AM 6639616 bytes 1011712 bytes

SUN Environment:

  1. Locate the files "webengine" and "freeaccess.spl". The files are located in the "$NX_ROOT/bin" and "$NX_ROOT/bopcfg/www" directory respectively.
  2. Right click on each of the files and select Properties.
  3. Select the General tab.
  4. If either file timestamp is earlier than indicated in the below table, the installation is vulnerable.

File Name Timestamp Size Size on disk

webengine 11/03/2009 5:05:00 AM 4076264 bytes 4079616 bytes

freeaccess.spl 10/26/2009 8:23:00 AM 1010490 bytes 1011712 bytes

Linux Environment:

  1. Locate the files "webengine" and "freeaccess.spl". The files are located in the "$NX_ROOT/bin" and "$NX_ROOT/bopcfg/www" directory respectively.
  2. Right click on each of the files and select Properties.
  3. Select the General tab.
  4. If either file timestamp is earlier than indicated in the below table, the installation is vulnerable.

File Name Timestamp Size Size on disk

webengine 11/03/2009 4:23:00 AM 3772416 bytes 3772416 bytes

freeaccess.spl 10/26/2009 7:25:00 AM 1010490 bytes 1011712 bytes

Solution

CA has issued the following patches to address the vulnerability.

CA Service Desk 12.1 Windows: RO12848

CA Service Desk 12.1 AIX: RO12851

CA Service Desk 12.1 HP: RO12853

CA Service Desk 12.1 Sun: RO12857

CA Service Desk 12.1 Linux: RO12855

Workaround

To reduce exposure, only give trusted resources analyst privilege.

References

CVE-2009-4149 - Service Desk XSS http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4149

CA20091208-01 : Security Notice for CA Service Desk (line may wrap) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=22 3999

Acknowledgement

CVE-2009-4149 - anonymous

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Support at http://support.ca.com/

If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. (line may wrap) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782

Kevin Kotas CA Product Vulnerability Response Team

-----BEGIN PGP SIGNATURE----- Version: PGP 8.1

iQEVAwUBSx6pQpI1FvIeMomJAQFsBgf+PLnOJCw+Gy2OmpAQxHZXQrgLIqybuafj dAoAPHXYRaPU+KmyAWnhSLpy21dnlLomS9yL7tv5aYa8Qm1Bmb54KweC9kbL7NDB T2lNOhrJ47eQsXEVCEcI/zIGLfSVwQdATEZQhNR07nuGMxEIN9dqS6bh9zmf1MqW yxRH7D5wAFwGaiKApqzqZw4JiE14+UyUZDr6c0/Y/5HZpWGVt9KnlowN2SuOWXvH 0enIeHDR1S+T27mprirdgKKGjZadG21+JPO9xOxDzqfag6uoHlEVWPxDNHYlL+dq f8HYIOZIEnCKS8Tw7BYPt2t1WGaFwXGISJ8yl+rxmzY8oBt7eHcnLw== =j+VR -----END PGP SIGNATURE-----