Vulnerability CVE-2007-0060


Published: 2007-07-25   Modified: 2012-02-12

Description:
Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.

Type:

CWE-Other

Vendor: CA
Product: Etrust admin 
Version:
8.1
8.0
2.9
2.7
2.4
2.1
Product: Unicenter remote control 
Version: 6.0;
Product: Cleverpath olap 
Version: 5.1;
Product: Unicenter management 
Version:
5.0.1
5.0
4.1
4.0
Product: Unicenter software delivery 
Version:
4.0
3.1
3.0
Product: Unicenter asset management 
Version:
4.0
3.2
3.1
Product: Cleverpath ecm 
Version: 3.5;
Product: Unicenter service level management 
Version:
3.5
3.0.2
3.0.1
3.0
Product: Unicenter application performance monitor 
Version: 3.5; 3.0;
Product: Unicenter network and systems management 
Version: 3.1; 3.0;
Product: Advantage data transport 
Version: 3.0;
Product: Unicenter jasmine 
Version: 3.0;
Product: Unicenter nsm wireless network management option 
Version: 3.0;
Product: Cleverpath predictive analysis server 
Version: 3.0; 2.0;
Product: Unicenter tng 
Version:
2.4.2
2.4
2.2
2.1
Product: Unicenter data transport option 
Version: 2.0;
Product: Brightstor san manager 
Version: 11.5; 11.1;
Product: Brightstor portal 
Version: 11.1;
Product: Cleverpath aion 
Version: 10.0;
Product: Unicenter enterprise job manager 
Version: 1.0;

CVSS2 => (AV:N/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
9.3/10
10/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete

 References:
http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809
http://www.iss.net/threats/272.html
http://www.securityfocus.com/archive/1/474602/100/0/threaded
http://www.securityfocus.com/bid/25051
http://www.securitytracker.com/id?1018449
http://www.vupen.com/english/advisories/2007/2638
https://exchange.xforce.ibmcloud.com/vulnerabilities/32234

Related CVE
CVE-2019-7394
A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to g...
CVE-2019-7393
A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive i...
CVE-2019-7392
An improper authentication vulnerability in CA Privileged Access Manager 3.x Web-UI jk-manager and jk-status allows a remote attacker to gain sensitive information or alter configuration.
CVE-2018-19635
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface.
CVE-2018-19634
CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information.
CVE-2018-13826
An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request forgery attacks.
CVE-2018-13825
Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cross-site scripting attacks.
CVE-2018-13824
Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.

Copyright 2019, cxsecurity.com

 

Back to Top