多个CA服务管理产品未明远程命令执行漏洞

BUGTRAQ ID: 33161
CVE ID：CVE-2009-0043
CNCVE ID：CNCVE-20090043

CA Service Metric Analysis和CA Service Level Management包含漏洞，允许远程攻击者执行任意命令。
问题是不充分限制对smmsnmpd服务的访问，远程攻击者可以利用漏洞以此服务上下文执行任意命令。
目前没有详细漏洞细节提供。

CA Service Metric Analysis 11.1 SP1
CA Service Metric Analysis 11.1
CA Service Metric Analysis 11.0
CA Service Level Management 3.5
厂商解决方案
可参考如下补丁：
CA Service Metric Analysis 11.1 SP1
CA RO04667
<a href=“https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=sear” target=“_blank”>https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=sear</a> ch&searchID=RO04667
CA Service Level Management 3.5
CA RO04649
<a href=“https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=sear” target=“_blank”>https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=sear</a> ch&searchID=RO04649
CA Service Metric Analysis 11.1
CA RO04667
<a href=“https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=sear” target=“_blank”>https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=sear</a> ch&searchID=RO04667
CA Service Metric Analysis 11.0
CA RO04653
<a href=“https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=sear” target=“_blank”>https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=sear</a> ch&searchID=RO04653