Vulnerability CVE-2007-0060
Published: 2007-07-25   Modified: 2012-02-12

Description:
Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.

Type:

CWE-Other

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
CA -> Unicenter nsm wireless network management option 
CA -> Advantage data transport 
CA -> Unicenter remote control 
CA -> Brightstor portal 
CA -> Unicenter service level management 
CA -> Brightstor san manager 
CA -> Unicenter software delivery 
CA -> Cleverpath aion 
CA -> Unicenter tng 
CA -> Cleverpath ecm 
CA -> Cleverpath olap 
CA -> Cleverpath predictive analysis server 
CA -> Etrust admin 
CA -> Unicenter application performance monitor 
CA -> Unicenter asset management 
CA -> Unicenter data transport option 
CA -> Unicenter enterprise job manager 
CA -> Unicenter jasmine 
CA -> Unicenter management 
CA -> Unicenter network and systems management 

 References:
http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809
http://www.iss.net/threats/272.html
http://www.securityfocus.com/archive/1/474602/100/0/threaded
http://www.securityfocus.com/bid/25051
http://www.securitytracker.com/id?1018449
http://www.vupen.com/english/advisories/2007/2638
https://exchange.xforce.ibmcloud.com/vulnerabilities/32234
Copyright 2024, cxsecurity.com

 

Back to Top