CA Total Defense Suite reGenerateReports Stored Procedure SQL Injection

2011.10.04
Credit: CA
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

CA Technologies support is alerting customers to security risks with CA Total Defense. Multiple vulnerabilities exist that can allow a remote attacker to possibly execute arbitrary code. CA issued an automatic update to address the vulnerabilities. The first set of vulnerabilities, CVE-2011-1653, are due to insufficient handling of certain request parameters. A remote attacker can use various SQL injection attacks to potentially compromise the Unified Network Control (UNC) Server. The second vulnerability, CVE-2011-1654, occurs due to insufficient handling of file upload parameters. A remote attacker can upload a file and use it to execute arbitrary code on the Total Defense Management Server. The third vulnerability, CVE-2011-1655, is due to insufficient protection of sensitive information. A remote attack can acquire account credentials and take privileged action on the Unified Network Control (UNC) Server. Risk Rating High Platform Windows Affected Products CA Total Defense r12 Non-Affected Products CA Total Defense r12 SE2 How to determine if the installation is affected These Total Defense components will be updated to the following versions once SE2 is installed: TD Management Server Core: 12.0.0.621 UNC: 12.0.0.622 If either component is not updated to the specified version or later, the installation may be vulnerable. Solution Install the SE2 update. If content updates are enabled, the update will happen automatically. The update was made available April 4, 2011. See the following announcement for more information: CA Total Defense r12 SE2 Content Update is Now Available References CVE-2011-1653 - Total Defense SQL injections CVE-2011-1654 - Total Defense file upload CVE-2011-1655 - Total Defense credential exposure Acknowledgement CVE-2011-1653, CVE-2011-1654, CVE-2011-1655 - Andrea Micalizzi through the TippingPoint ZDI Change History Version 1.0: Initial Release If additional information is required, please contact CA Technologies Support at http://support.ca.com/. If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.

References:

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7BCD065CEC-AFE2-4D9D-8E0B-BE7F6E345866%7D
http://xforce.iss.net/xforce/xfdb/66725
http://www.zerodayinitiative.com/advisories/ZDI-11-134/
http://www.zerodayinitiative.com/advisories/ZDI-11-133/
http://www.zerodayinitiative.com/advisories/ZDI-11-132/
http://www.zerodayinitiative.com/advisories/ZDI-11-131/
http://www.zerodayinitiative.com/advisories/ZDI-11-130/
http://www.zerodayinitiative.com/advisories/ZDI-11-129/
http://www.zerodayinitiative.com/advisories/ZDI-11-128/
http://www.vupen.com/english/advisories/2011/0977
http://www.securityfocus.com/bid/47355
http://www.securityfocus.com/archive/1/archive/1/517498/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/517497/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/517496/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/517494/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/517493/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/517491/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/517490/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/517489/100/0/threaded
http://securitytracker.com/id?1025353
http://secunia.com/advisories/44097


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top