
Vulnerability Detail

Computer Associates Message Queuing (CAM/CAFT) multiple vulnerabilities

Date Discovered:
22 Apr 2005

Date Published:
22 Aug 2005

Last Updated:
24 Jan 2006

Threat Assessment

Overall Risk:  High
Popularity:  High
Impact:  Critical
Simplicity:  Medium

Characteristics

Vulnerability ID:  32919
Discovered By:  CA internal audit

Exploitable Locally:  No
Exploitable Remotely:  Yes

Impact:  Remote attackers can perform spoofing attacks, execute arbitrary code, or cause a denial of service condition.

Root Cause:  Software Vulnerability

 

Description

Computer Associates Message Queuing (CAM/CAFT) contains multiple vulnerabilities that may allow remote attackers to perform spoofing attacks, execute arbitrary code, or cause a denial of service condition. The first vulnerability allows attackers to launch denial of service attacks against the CAM TCP port. The second is caused by improper bounds checking in CAM and allows attackers to execute arbitrary code. The third allows CAFT spoofing attacks that result in the execution of arbitrary commands.


Recommendations



-------------------------------------------------------------------------------
For: CA Messaging (CAM) AIX 1.07.210.0, CA Messaging (CAM) AIX 1.07.220.11, CA Messaging (CAM) AIX 1.07.220.5, CA Messaging (CAM) AIX 1.07.220.7, CA Messaging (CAM) AIX 1.07.220.8, CA Messaging (CAM) AIX 1.11.19.0, CA Messaging (CAM) AIX 1.11.27.0, CA Messaging (CAM) AIX 1.11.27.1, CA Messaging (CAM) AIX 1.11.29.2, CA Messaging (CAM) AIX 1.11.29.3, CA Messaging (CAM) AIX 1.11.29.4, CA Messaging (CAM) AIX 1.11.29.5, CA Messaging (CAM) AIX 1.11.29.8, CA Messaging (CAM) AIX 1.11.29.9, CA Messaging (CAM) HP-UX 1.07.210.0, CA Messaging (CAM) HP-UX 1.07.220.0, CA Messaging (CAM) HP-UX 1.07.220.11, CA Messaging (CAM) HP-UX 1.07.220.5, CA Messaging (CAM) HP-UX 1.07.220.7, CA Messaging (CAM) HP-UX 1.07.220.8, CA Messaging (CAM) HP-UX 1.07.232.0, CA Messaging (CAM) HP-UX 1.11.18.0, CA Messaging (CAM) HP-UX 1.11.27.0, CA Messaging (CAM) HP-UX 1.11.27.1, CA Messaging (CAM) HP-UX 1.11.29.2, CA Messaging (CAM) HP-UX 1.11.29.3, CA Messaging (CAM) HP-UX 1.11.29.4, CA Messaging (CAM) HP-UX 1.11.29.5, CA Messaging (CAM) HP-UX 1.11.29.8, CA Messaging (CAM) HP-UX 1.11.29.9, CA Messaging (CAM) HP-UX 11 1.07.210.0, CA Messaging (CAM) Linux 1.07.210.0, CA Messaging (CAM) Linux 1.07.220.0, CA Messaging (CAM) Linux 1.07.220.11, CA Messaging (CAM) Linux 1.11.28.0, CA Messaging (CAM) Linux 1.11.29.5, CA Messaging (CAM) Linux 1.11.29.8, CA Messaging (CAM) Linux 1.11.29.9, CA Messaging (CAM) SOLARIS 1.07.210.0, CA Messaging (CAM) SOLARIS 1.07.220.0, CA Messaging (CAM) SOLARIS 1.07.220.11, CA Messaging (CAM) SOLARIS 1.07.220.5, CA Messaging (CAM) SOLARIS 1.07.220.8, CA Messaging (CAM) SOLARIS 1.07.220.9, CA Messaging (CAM) SOLARIS 1.11.19.0, CA Messaging (CAM) SOLARIS 1.11.27.0, CA Messaging (CAM) SOLARIS 1.11.27.1, CA Messaging (CAM) SOLARIS 1.11.29.2, CA Messaging (CAM) SOLARIS 1.11.29.3, CA Messaging (CAM) SOLARIS 1.11.29.4, CA Messaging (CAM) SOLARIS 1.11.29.5, CA Messaging (CAM) SOLARIS 1.11.29.8, CA Messaging (CAM) SOLARIS 1.11.29.9

CAM 1.11



Download and install CAM version 1.11.29.13.



For each Unix/Linux installation of CAM 1.11, determine if lsm is installed (/usr/bin/lsm).

If lsm is installed, then install the file with the following command:

lsm -i CAM.(os).@pif [-r response_file]

Example: For a Linux OS without a response file, type the following:

lsm -i CAM.Linux.@pif



If lsm is not installed, then type the following command:

CAM.(os).self [-r response_file]

Example: For a Linux OS without a response file, type the following:

CAM.Linux.self

Note: Make sure the file has executable permissions for the account running the command.



More details are in the readme included with the patch.
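
The lsm / self-extractor choice above as a dry-run helper; this is an added example, not CA's code. It prints the command the advisory prescribes and checks the executable-permission note before you run anything. The function name, the LSM_PATH override and the return codes are assumptions of this example, and the OS token must match the downloaded file name.

```shell
#!/bin/sh
# Added example: plan (do not run) the CAM 1.11 install command.
# LSM_PATH defaults to the advisory's /usr/bin/lsm; the override is an
# assumption of this example so the logic can be exercised on a test host.
LSM_PATH="${LSM_PATH:-/usr/bin/lsm}"

# cam_plan_install OS_TOKEN PKG_DIR [RESPONSE_FILE]
# Prints the command to type from inside PKG_DIR.
# Returns: 0 ok, 1 usage, 2 package file missing,
#          3 .self file not executable, 4 response file unreadable.
cam_plan_install() {
    os="$1"; dir="$2"; resp="${3:-}"
    if [ -z "$os" ] || [ ! -d "$dir" ]; then
        echo "usage: cam_plan_install OS_TOKEN PKG_DIR [RESPONSE_FILE]" >&2
        return 1
    fi
    if [ -n "$resp" ] && [ ! -r "$resp" ]; then
        echo "response file not readable: $resp" >&2
        return 4
    fi
    if [ -x "$LSM_PATH" ]; then
        # lsm is installed: use the @pif package.
        pkg="CAM.$os.@pif"
        [ -f "$dir/$pkg" ] || { echo "missing: $dir/$pkg" >&2; return 2; }
        cmd="lsm -i $pkg"
    else
        # No lsm: use the self-extracting installer.
        pkg="CAM.$os.self"
        [ -f "$dir/$pkg" ] || { echo "missing: $dir/$pkg" >&2; return 2; }
        # Advisory note: the file must be executable for this account.
        [ -x "$dir/$pkg" ] || { echo "not executable: $dir/$pkg" >&2; return 3; }
        cmd="$pkg"
    fi
    if [ -n "$resp" ]; then
        cmd="$cmd -r $resp"
    fi
    echo "$cmd"
}
```

Call it as `cam_plan_install Linux /path/to/download` and review the printed command before typing it on the host.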



CAM 1.07



Download and install CAM version 1.07.220.13.



Extract the tar.gz for the specific OS.

Example: For Linux type:

tar -xzvf ./LINUX_V1.07

Then run the script ./cam/scripts/install



-------------------------------------------------------------------------------
For: CA Messaging (CAM) Windows 1.07.220.0, CA Messaging (CAM) Windows 1.07.220.10, CA Messaging (CAM) Windows 1.07.220.3, CA Messaging (CAM) Windows 1.07.220.4, CA Messaging (CAM) Windows 1.07.220.5, CA Messaging (CAM) Windows 1.07.220.6, CA Messaging (CAM) Windows 1.07.220.7, CA Messaging (CAM) Windows 1.07.220.9
Apply: CA Messaging (CAM) Windows 1.07.220.13

-------------------------------------------------------------------------------
For: CA Messaging (CAM) Windows 1.11.26.1, CA Messaging (CAM) Windows 1.11.26.10, CA Messaging (CAM) Windows 1.11.26.2, CA Messaging (CAM) Windows 1.11.26.6, CA Messaging (CAM) Windows 1.11.26.7, CA Messaging (CAM) Windows 1.11.26.8, CA Messaging (CAM) Windows 1.11.26.9, CA Messaging (CAM) Windows 1.11.27.1, CA Messaging (CAM) Windows 1.11.27.2, CA Messaging (CAM) Windows 1.11.27.3, CA Messaging (CAM) Windows 1.11.29.1, CA Messaging (CAM) Windows 1.11.29.2, CA Messaging (CAM) Windows 1.11.29.3, CA Messaging (CAM) Windows 1.11.29.4, CA Messaging (CAM) Windows 1.11.29.5, CA Messaging (CAM) Windows 1.11.29.6, CA Messaging (CAM) Windows 1.11.29.7, CA Messaging (CAM) Windows 1.11.29.8
Apply: CA Messaging (CAM) Windows 1.11.29.13


Affected Technologies

Computer Associates: CA Messaging (CAM) AIX 1.07.210.0
Computer Associates: CA Messaging (CAM) AIX 1.07.220.11
Computer Associates: CA Messaging (CAM) AIX 1.07.220.5
Computer Associates: CA Messaging (CAM) AIX 1.07.220.7
Computer Associates: CA Messaging (CAM) AIX 1.07.220.8
Computer Associates: CA Messaging (CAM) AIX 1.11.19.0
Computer Associates: CA Messaging (CAM) AIX 1.11.27.0
Computer Associates: CA Messaging (CAM) AIX 1.11.27.1
Computer Associates: CA Messaging (CAM) AIX 1.11.29.2
Computer Associates: CA Messaging (CAM) AIX 1.11.29.3
Computer Associates: CA Messaging (CAM) AIX 1.11.29.4
Computer Associates: CA Messaging (CAM) AIX 1.11.29.5
Computer Associates: CA Messaging (CAM) AIX 1.11.29.8
Computer Associates: CA Messaging (CAM) AIX 1.11.29.9
Computer Associates: CA Messaging (CAM) HP-UX 1.07.210.0
Computer Associates: CA Messaging (CAM) HP-UX 1.07.220.0
Computer Associates: CA Messaging (CAM) HP-UX 1.07.220.11
Computer Associates: CA Messaging (CAM) HP-UX 1.07.220.5
Computer Associates: CA Messaging (CAM) HP-UX 1.07.220.7
Computer Associates: CA Messaging (CAM) HP-UX 1.07.220.8
Computer Associates: CA Messaging (CAM) HP-UX 1.07.232.0
Computer Associates: CA Messaging (CAM) HP-UX 1.11.18.0
Computer Associates: CA Messaging (CAM) HP-UX 1.11.27.0
Computer Associates: CA Messaging (CAM) HP-UX 1.11.27.1
Computer Associates: CA Messaging (CAM) HP-UX 1.11.29.2
Computer Associates: CA Messaging (CAM) HP-UX 1.11.29.3
Computer Associates: CA Messaging (CAM) HP-UX 1.11.29.4
Computer Associates: CA Messaging (CAM) HP-UX 1.11.29.5
Computer Associates: CA Messaging (CAM) HP-UX 1.11.29.8
Computer Associates: CA Messaging (CAM) HP-UX 1.11.29.9
Computer Associates: CA Messaging (CAM) HP-UX 11 1.07.210.0
Computer Associates: CA Messaging (CAM) Linux 1.07.210.0
Computer Associates: CA Messaging (CAM) Linux 1.07.220.0
Computer Associates: CA Messaging (CAM) Linux 1.07.220.11
Computer Associates: CA Messaging (CAM) Linux 1.11.28.0
Computer Associates: CA Messaging (CAM) Linux 1.11.29.5
Computer Associates: CA Messaging (CAM) Linux 1.11.29.8
Computer Associates: CA Messaging (CAM) Linux 1.11.29.9
Computer Associates: CA Messaging (CAM) Solaris 1.07.210.0
Computer Associates: CA Messaging (CAM) Solaris 1.07.220.0
Computer Associates: CA Messaging (CAM) Solaris 1.07.220.11
Computer Associates: CA Messaging (CAM) Solaris 1.07.220.5
Computer Associates: CA Messaging (CAM) Solaris 1.07.220.8
Computer Associates: CA Messaging (CAM) Solaris 1.07.220.9
Computer Associates: CA Messaging (CAM) Solaris 1.11.19.0
Computer Associates: CA Messaging (CAM) Solaris 1.11.27.0
Computer Associates: CA Messaging (CAM) Solaris 1.11.27.1
Computer Associates: CA Messaging (CAM) Solaris 1.11.29.2
Computer Associates: CA Messaging (CAM) Solaris 1.11.29.3
Computer Associates: CA Messaging (CAM) Solaris 1.11.29.4
Computer Associates: CA Messaging (CAM) Solaris 1.11.29.5
Computer Associates: CA Messaging (CAM) Solaris 1.11.29.8
Computer Associates: CA Messaging (CAM) Solaris 1.11.29.9
Computer Associates: CA Messaging (CAM) Windows 1.07.220.0
Computer Associates: CA Messaging (CAM) Windows 1.07.220.10
Computer Associates: CA Messaging (CAM) Windows 1.07.220.3
Computer Associates: CA Messaging (CAM) Windows 1.07.220.4
Computer Associates: CA Messaging (CAM) Windows 1.07.220.5
Computer Associates: CA Messaging (CAM) Windows 1.07.220.6
Computer Associates: CA Messaging (CAM) Windows 1.07.220.7
Computer Associates: CA Messaging (CAM) Windows 1.07.220.9
Computer Associates: CA Messaging (CAM) Windows 1.11.26.1
Computer Associates: CA Messaging (CAM) Windows 1.11.26.10
Computer Associates: CA Messaging (CAM) Windows 1.11.26.2
Computer Associates: CA Messaging (CAM) Windows 1.11.26.6
Computer Associates: CA Messaging (CAM) Windows 1.11.26.7
Computer Associates: CA Messaging (CAM) Windows 1.11.26.8
Computer Associates: CA Messaging (CAM) Windows 1.11.26.9
Computer Associates: CA Messaging (CAM) Windows 1.11.27.1
Computer Associates: CA Messaging (CAM) Windows 1.11.27.2
Computer Associates: CA Messaging (CAM) Windows 1.11.27.3
Computer Associates: CA Messaging (CAM) Windows 1.11.29.1
Computer Associates: CA Messaging (CAM) Windows 1.11.29.2
Computer Associates: CA Messaging (CAM) Windows 1.11.29.3
Computer Associates: CA Messaging (CAM) Windows 1.11.29.4
Computer Associates: CA Messaging (CAM) Windows 1.11.29.5
Computer Associates: CA Messaging (CAM) Windows 1.11.29.6
Computer Associates: CA Messaging (CAM) Windows 1.11.29.7
Computer Associates: CA Messaging (CAM) Windows 1.11.29.8


References

Mitre CVE: CAN-2005-2667
Mitre CVE: CAN-2005-2668
Mitre CVE: CAN-2005-2669
