Podatność CVE-2007-0060
Publikacja: 2007-07-25   Modyfikacja: 2012-02-12

Opis:
Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.

Typ:

CWE-Other

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
9.3/10
10/10
8.6/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Pełny
Pełny
Pełny
Affected software
CA -> Unicenter nsm wireless network management option 
CA -> Advantage data transport 
CA -> Unicenter remote control 
CA -> Brightstor portal 
CA -> Unicenter service level management 
CA -> Brightstor san manager 
CA -> Unicenter software delivery 
CA -> Cleverpath aion 
CA -> Unicenter tng 
CA -> Cleverpath ecm 
CA -> Cleverpath olap 
CA -> Cleverpath predictive analysis server 
CA -> Etrust admin 
CA -> Unicenter application performance monitor 
CA -> Unicenter asset management 
CA -> Unicenter data transport option 
CA -> Unicenter enterprise job manager 
CA -> Unicenter jasmine 
CA -> Unicenter management 
CA -> Unicenter network and systems management 

 Referencje:
http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809
http://www.iss.net/threats/272.html
http://www.securityfocus.com/archive/1/474602/100/0/threaded
http://www.securityfocus.com/bid/25051
http://www.securitytracker.com/id?1018449
http://www.vupen.com/english/advisories/2007/2638
https://exchange.xforce.ibmcloud.com/vulnerabilities/32234
Copyright 2024, cxsecurity.com

 

Back to Top