===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.0522
                 Security Notice for Multiple CA Products
                             14 February 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           CA Unified Infrastructure Management
                   CA Client Automation Agent for Windows
Publisher:         CA Technologies
Operating System:  Windows
                   Linux variants
                   Solaris
                   AIX
                   HP-UX
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Denial of Service               -- Remote/Unauthenticated
                   Reduced Security                -- Remote/Unauthenticated
                   Increased Privileges            -- Existing Account      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-8012 CVE-2020-8011 CVE-2020-8010

Original Bulletin: 
   https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2019/ca20200205-01-security-notice-for-ca-unified-infrastructure-management.html
   https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/CA20191218-01-security-notice-for-ca-client-automation-agent-for-windows.html

Comment: This bulletin contains two (2) CA Technologies security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

CA20200205-01: Security Notice for CA Unified Infrastructure Management

Issued: February 5th, 2020

Last Updated: February 5th, 2020

CA Technologies, A Broadcom Company, is alerting customers to three
vulnerabilities in CA Unified Infrastructure Management (Nimsoft / UIM).
Multiple vulnerabilities exist that can allow an unauthenticated remote
attacker to execute arbitrary code or commands, read from or write to systems,
or conduct denial of service attacks. CA published solutions to address these
vulnerabilities and recommends that all affected customers implement these
solutions.

The first vulnerability, CVE-2020-8010, occurs due to improper ACL handling. A
remote attacker can execute commands, read from, or write to the target system.

The second vulnerability, CVE-2020-8011, occurs due to a null pointer
dereference. A remote attacker can crash the Controller service.

The third vulnerability, CVE-2020-8012, occurs due to a buffer overflow
vulnerability in the Controller service. A remote attacker can execute
arbitrary code.

Risk Rating

High (cumulative)

Platform(s)

All supported robot platforms (i.e. Windows, Linux, Solaris, AIX and HPUX)

Affected Products

UIM product versions 9.20 and below are affected. The applicable component is
robot (also known as controller).

The robot versions below 7.97HF8, 9.20HF9 and 9.20SHF9 are affected.

How to determine if the installation is affected

Check for the controller version in IM or AC. It should be greater than or
equal to 7.97HF8 for UIM 9.0.2, and 9.20HF9 or 9.20SHF9 for UIM 9.2.0.
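The version check above is easy to get wrong by hand once hotfix suffixes are involved (9.20HF8 is affected, 9.20HF9 is not, and 9.20SHF9 is a separate line). The script below is an added example, not part of the CA notice: it parses the robot version strings quoted in this notice and flags hosts still below the fixed hotfix levels. The "S" suffix is assumed to denote a distinct 9.20 robot build with its own hotfix series, lines the notice does not list (e.g. a 9.10 robot) are assumed unpatched, and the host inventory is constructed sample data.

```python
import re

# Fixed robot (controller) hotfix levels quoted in CA20200205-01; anything
# below these on the same line is affected. Keyed by (base version, "S" build).
FIXED_HOTFIX = {
    ((7, 97), False): 8,   # 7.97HF8  (UIM 8.5.1 and 9.0.2)
    ((9, 20), False): 9,   # 9.20HF9  (UIM 9.2.0)
    ((9, 20), True): 9,    # 9.20SHF9 (UIM 9.2.0, assumed separate "S" build)
}

# e.g. "7.97HF8", "9.20SHF9", "9.20" (no hotfix applied yet)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(S)?(?:HF(\d+))?$", re.IGNORECASE)


def parse_robot_version(text):
    """Return ((major, minor), is_s_build, hotfix); a bare version has hotfix 0."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised robot version: {text!r}")
    major, minor, s_flag, hf = m.groups()
    return (int(major), int(minor)), s_flag is not None, int(hf or 0)


def is_affected(text):
    """True when the robot version is below the fixed hotfix for its line."""
    base, is_s, hf = parse_robot_version(text)
    if base > (9, 20):
        return False  # outside the notice's scope (UIM 9.20 and below)
    fixed_hf = FIXED_HOTFIX.get((base, is_s))
    if fixed_hf is None:
        return True   # assumption: a line with no listed hotfix is unpatched
    return hf < fixed_hf


def triage(inventory):
    """inventory: {host: robot version} -> hosts still needing robot_update."""
    return sorted(h for h, v in inventory.items() if is_affected(v))


# Constructed sample inventory, not real hosts.
SAMPLE_INVENTORY = {
    "hub01": "9.20HF9",    # patched
    "robot02": "9.20HF8",  # one hotfix short
    "robot03": "9.20SHF9", # patched S build
    "legacy04": "7.97HF7", # UIM 8.5.1 robot, needs 7.97HF8
    "robot05": "9.20",     # no hotfix at all
}

if __name__ == "__main__":
    print("needs robot_update:", triage(SAMPLE_INVENTORY))
```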

Solution

CA Technologies published the following solutions to address the
vulnerabilities:

robot_update patches 7.97HF8 (or above), 9.20HF9 (or above), and 9.20SHF9 (or
above)

Note: UIM 8.5.1 users must upgrade robot to 7.97HF8.

Hotfixes are available at:

https://techdocs.broadcom.com/us/product-content/recommended-reading/technical-document-index/ca-unified-infrastructure-management-hotfix-index.html

References

CVE-2020-8010 - CA UIM Probe Improper ACL Handling RCE

CVE-2020-8011 - CA UIM Improper Probe Handling NPD DoS

CVE-2020-8012 - CA UIM nimbuscontroller Buffer Overflow RCE

Acknowledgement

CVE-2020-8010 - Milton Valencia (wetw0rk), IBM Public Cloud Red Team

CVE-2020-8011 - Milton Valencia (wetw0rk), IBM Public Cloud Red Team

CVE-2020-8012 - Milton Valencia (wetw0rk), IBM Public Cloud Red Team

Change History

Version 1.0: 2020-02-05 - Initial Release

CA customers may receive product alerts and advisories by subscribing to
Proactive Notifications.

Customers who require additional information about this notice may contact CA
Technologies Support at https://support.broadcom.com/.

To report a suspected vulnerability in a CA Technologies product, please send a
summary to the CA Technologies Product Vulnerability Response Team.

Copyright (C) 2020 Broadcom. All Rights Reserved. The term "Broadcom" refers to
Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse logo, Connecting
everything, CA Technologies and the CA technologies logo are among the
trademarks of Broadcom. All trademarks, trade names, service marks and logos
referenced herein belong to their respective companies.

----------------------------------------------------------------------------------
CA20191218-01: Security Notice for CA Client Automation Agent for Windows

Issued: December 18, 2019

Last Updated: December 18, 2019

CA Technologies, A Broadcom Company, is alerting customers to a potential risk
with CA Client Automation agent on Windows. A vulnerability exists that can
allow a local attacker to gain escalated privileges. CA published solutions to
address the vulnerability and recommends that all affected customers implement
the applicable solution.

The vulnerability, CVE-2019-19231, occurs due to insecure file access by the
agent services. A local attacker may exploit this vulnerability to execute
arbitrary commands with escalated privileges on an installation of the Client
Automation agent.

Risk Rating

High

Platform(s)

Windows

Affected Products

CA Client Automation 14.0, 14.1, 14.2, 14.3 Windows agent

Affected Component

CA Client Automation Agent for Windows

How to determine if the installation is affected

Only the CA Client Automation agent on Windows is vulnerable. Customers may
check the .his file for the presence of the fix.

Solution

CA Technologies published the following solutions to address the
vulnerability:

Agents for CA Client Automation R14, R14 SP1 (14.0, 14.1):

Update to CA Client Automation R14 SP2 or SP3 and apply the appropriate fix for
R14 SP2 or SP3.

Agents for CA Client Automation R14 SP2 (14.2):

SO11134

Agents for CA Client Automation R14 SP3 (14.3):

SO11210

References

CVE-2019-19231 - CA Client Automation Agent privilege escalation

Acknowledgement

CVE-2019-19231 - Andrew Hess

Change History

Version 1.0: 2019-12-18 - Initial Release

CA customers may receive product alerts and advisories by subscribing to
Proactive Notifications.

Customers who require additional information about this notice may contact CA
Technologies Support at https://casupport.broadcom.com/.

To report a suspected vulnerability in a CA Technologies product, please send a
summary to the CA Technologies Product Vulnerability Response Team.

Copyright (C) 2019 Broadcom. All Rights Reserved. The term "Broadcom" refers to
Broadcom Inc. and/or its subsidiaries. Broadcom, the pulse logo, Connecting
everything, CA Technologies and the CA technologies logo are among the
trademarks of Broadcom. All trademarks, trade names, service marks and logos
referenced herein belong to their respective companies.

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================