AL-2005.0028 -- Computer Associates multiple products -- message queuing (CAM/CAFT) multiple vulnerabilities

Date: 24 August 2005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
A  U  S  C  E  R  T                                           A  L  E  R  T

                       AL-2005.0028 -- AUSCERT ALERT
                   Computer Associates multiple products
            message queuing (CAM/CAFT) multiple vulnerabilities
                              24 August 2005

===========================================================================

        AusCERT Alert Summary
        ---------------------

Product:           AdviseIT 2.4
                   Advantage Data Transport 3.0
                   BrightStor SAN Manager 1.1, 1.1 SP1, 1.1 SP2 and 11.1
                   BrightStor Portal 11.1
                   CleverPath OLAP 5.1
                   CleverPath ECM 3.5
                   CleverPath Predictive Analysis Server 3.0
                   eTrust Admin 2.01, 2.04, 2.07, 2.09, 8.0 and 8.1
                   Unicenter Performance Management for OpenVMS r2.4 SP3
                   Unicenter Application Performance Monitor 3.0, 3.5
                   Unicenter Asset Management 4.0 SP1 and prior
                   Unicenter Data Transport Option 2.0
                   Unicenter Enterprise Job Manager 1.0 SP2 and prior
                   Unicenter Jasmine 3.0
                   Unicenter Management for WebSphere MQ 3.5
                   Unicenter Management for Microsoft Exchange 4.0, 4.1
                   Unicenter Management for Lotus Notes/Domino 4.0
                   Unicenter Management for Web Servers 5, 5.0.1
                   Unicenter NSM 3.0, 3.1
                   Unicenter NSM Wireless Network Management Option 3.0
                   Unicenter Remote Control 6.0, 6.0 SP1
                   Unicenter Service Level Management 3.0, 3.01, 3.02, 3.5
                   Unicenter Software Delivery 4.0 SP1 and prior
                   Unicenter TNG 2.1, 2.2, 2.4, 2.4.2
                   Unicenter JPN 2.2
Publisher:         Computer Associates
Operating System:  Windows
                   UNIX variants
                   OpenVMS
                   Novell NetWare
                   OS/2
Impact:            Root Compromise / Administrator Compromise
                   Execute Arbitrary Code/Commands
                   Denial of Service
Access:            Remote/Unauthenticated

Original Bulletin: 
  http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp

- --------------------------BEGIN INCLUDED TEXT--------------------

Title: 32919 - Computer Associates Message Queuing (CAM/CAFT) 
multiple vulnerabilities


CA Vulnerability ID: CAID 32919


Disclosure Date: 2005-08-19


Discovered By: CA internal audit


Impact: Remote attackers can execute arbitrary code, or cause a 
denial of service condition.


Summary: During a recent internal audit, CA discovered several 
vulnerability issues in the CA Message Queuing (CAM / CAFT) 
software.

1) Attackers can potentially exploit a CAM TCP port vulnerability
to execute a Denial of Service (DoS) attack.

2) Attackers can potentially exploit multiple buffer overflow 
conditions to execute arbitrary code remotely with elevated 
privileges.

3) Attackers can potentially launch a spoofed CAFT attack, and 
execute arbitrary commands with elevated privileges.

CA has made patches available for all affected users.  These 
vulnerabilities affect all versions of the CA Message Queuing 
software prior to v1.07 Build 220_13 and v1.11 Build 29_13 on the
platforms specified below.


Severity: Computer Associates has given this vulnerability a High
risk rating.


Determining CAM versions:

Simply running camstat will return the version information in the
top line of the output on any platform. The camstat program is 
located in the "bin" subfolder of the installation directory.

The example below indicates that CAM version 1.11 build 27 
increment 2 is running.

E:\>camstat
CAM - machine.ca.com Version 1.11 (Build 27_2) up 0 days 1:16


Determining the CAM install directory:

Windows: the install location is specified by the %CAI_MSQ% 
environment variable.

Unix/Linux/Mac: the /etc/catngcampath text file holds the CAM 
install location.
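The two steps above (find the install directory, read the first line of camstat) lend themselves to a small check script. The following is an added example, not code from CA or AusCERT: it locates the install directory exactly as the advisory describes (%CAI_MSQ% on Windows, /etc/catngcampath elsewhere), runs bin/camstat, parses the "Version X.YY (Build N_M)" fragment of the top line, and reports whether the running build is below the fixed builds named in the advisory (v1.07 Build 220_13, v1.11 Build 29_13). It assumes every camstat release prints its first line in the shape of the advisory's example, and it treats any v1.05 build as needing the patch, since the advisory offers v1.05 only the v1.07 fix set. A captured camstat line can also be passed as arguments so the comparison can be run on output collected from another host.

```python
"""Added check script (not part of the CA or AusCERT bulletin): locate a CAM
install, run camstat, parse its top line and compare the running build against
the fixed builds named in CAID 32919 (v1.07 Build 220_13, v1.11 Build 29_13).
Assumes camstat's first line always has the shape shown in the advisory example.
"""
import os
import re
import subprocess
import sys
from typing import NamedTuple, Optional

# Minimum fixed builds per version line, taken from the advisory text.
# v1.05 is only offered the v1.07 fix set ("any version"), so it is always flagged.
FIXED_BUILDS = {
    "1.07": (220, 13),
    "1.11": (29, 13),
}

# Matches the advisory's example line:
#   CAM - machine.ca.com Version 1.11 (Build 27_2) up 0 days 1:16
# Assumption: every camstat build prints "Version X.YY (Build N_M)" this way.
_LINE_RE = re.compile(
    r"Version\s+(?P<version>\d+\.\d+)\s+\(Build\s+(?P<build>\d+)_(?P<incr>\d+)\)"
)


class CamVersion(NamedTuple):
    version: str    # e.g. "1.11"
    build: int      # e.g. 27
    increment: int  # e.g. 2


def parse_camstat(first_line: str) -> Optional[CamVersion]:
    """Extract (version, build, increment) from camstat's top output line."""
    m = _LINE_RE.search(first_line)
    if m is None:
        return None
    return CamVersion(m["version"], int(m["build"]), int(m["incr"]))


def needs_patch(cv: CamVersion) -> Optional[bool]:
    """True when the running build predates the fix for its version line,
    False when it is at or past the fix, None for lines the advisory does not name."""
    if cv.version == "1.05":
        return True
    fixed = FIXED_BUILDS.get(cv.version)
    if fixed is None:
        return None
    # Build then increment, compared as a pair: 29_12 is older than 29_13.
    return (cv.build, cv.increment) < fixed


def cam_install_dir() -> Optional[str]:
    """Locate the install directory the way the advisory describes:
    %CAI_MSQ% on Windows, the /etc/catngcampath text file elsewhere."""
    if os.name == "nt":
        return os.environ.get("CAI_MSQ")
    try:
        with open("/etc/catngcampath", encoding="utf-8") as f:
            return f.read().strip() or None
    except OSError:
        return None


def run_camstat(install_dir: str) -> str:
    """Run <install_dir>/bin/camstat and return its first output line."""
    exe = os.path.join(install_dir, "bin", "camstat")
    out = subprocess.run([exe], capture_output=True, text=True, check=True).stdout
    return out.splitlines()[0] if out else ""


def main(argv: list) -> int:
    # Pass a captured camstat line as arguments to check output collected
    # from another host; with no arguments the local install is queried.
    if argv:
        line = " ".join(argv)
    else:
        install_dir = cam_install_dir()
        if install_dir is None:
            print("CAM install directory not found (%CAI_MSQ% / /etc/catngcampath)")
            return 2
        line = run_camstat(install_dir)
    cv = parse_camstat(line)
    if cv is None:
        print(f"could not parse camstat output: {line!r}")
        return 2
    verdict = needs_patch(cv)
    if verdict is None:
        print(f"CAM {cv.version} build {cv.build}_{cv.increment}: not covered by CAID 32919")
        return 0
    state = "BELOW fixed build, apply the CAID 32919 patch" if verdict else "at or above fixed build"
    print(f"CAM {cv.version} build {cv.build}_{cv.increment}: {state}")
    return 1 if verdict else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

The exit code is 1 when the build predates the fix, 0 when it is current or outside the version lines the advisory names, and 2 when the install or the output cannot be read, so the script can be dropped into an inventory job that collects results across hosts. Build and increment are compared as a pair rather than as a single number, because Build 29_12 is older than 29_13 even though 12 sorts after 1.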


Affected products:

Unicenter Performance Management for OpenVMS r2.4 SP3
AdviseIT 2.4
Advantage Data Transport 3.0
BrightStor SAN Manager 1.1, 1.1 SP1, 1.1 SP2, 11.1
BrightStor Portal 11.1
CleverPath OLAP 5.1
CleverPath ECM 3.5
CleverPath Predictive Analysis Server 2.0, 3.0
CleverPath Aion 10.0
eTrust Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1
Unicenter Application Performance Monitor 3.0, 3.5
Unicenter Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, 
     4.0 SP1
Unicenter Data Transport Option 2.0
Unicenter Enterprise Job Manager 1.0 SP1, 1.0 SP2
Unicenter Jasmine 3.0
Unicenter Management for WebSphere MQ 3.5
Unicenter Management for Microsoft Exchange 4.0, 4.1
Unicenter Management for Lotus Notes/Domino 4.0
Unicenter Management for Web Servers 5, 5.0.1
Unicenter NSM 3.0, 3.1
Unicenter NSM Wireless Network Management Option 3.0
Unicenter Remote Control 6.0, 6.0 SP1
Unicenter Service Level Management 3.0, 3.0.1, 3.0.2, 3.5
Unicenter Software Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, 
     4.0 SP1
Unicenter TNG 2.1, 2.2, 2.4, 2.4.2
Unicenter TNG JPN 2.2


Affected platforms:

AIX, DG Intel, DG Motorola, DYNIX, OSF1, HP-UX, IRIX, 
Linux Intel, Linux s/390, Solaris Intel, Solaris Sparc, UnixWare,
Windows, Apple Mac, AS/400, MVS, NetWare, OS/2, and OpenVMS.


Status: Patches that completely remediate this vulnerability 
issue are available for all affected products.


Recommendation (note that URLs may wrap): 
CA strongly recommends application of the appropriate patch(es).

Fixes for CAM v1.11 prior to Build 29_13:
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_cam111fixes.asp
Windows QO71014
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71014
AIX QO71015
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71015
HPUX QO71016
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71016
Linux QO71019
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71019
QO71020 (RPM_i386)
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71020
QO71021 (RPM_ia64)
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71021
LinuxS390 QO71031
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71031
MacOSX QO71022
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71022
NetWare QO71023
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71023
OSF1 QO71024
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71024
SCO QO71025
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71025
Solaris QO71026
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71026
SolarisIntel QO71027
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71027

Fixes for CAM v1.07 prior to Build 220_13 
and Fixes for CAM v1.05 (any version):
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_cam107fixes.asp
Windows QO71033
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71033
AIX QO71035
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71035
AS/400 On Request
http://supportconnect.ca.com
DGIntel QO71036
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71036
DGM88K QO71037
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71037
DYNIX QO71038
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71038
HPUX QO71040
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71040
IRIX QO71041
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71041
Linux QO71042
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71042
LinuxS390 QO71085
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71085
NCR QO71043
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71043
NetWare QO71044
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71044
OS/2 On Request
http://supportconnect.ca.com
OSF1 QO71045
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71045
SCO QO71046
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71046
SINIX QO71047
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71047
Solaris QO71048
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71048
SolarisIntel QO71049
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71049
Unixware7 QO71050
http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO71050
OpenVMS On Request
http://supportconnect.ca.com


Customers wishing to patch their Master Image CD sets should 
refer to the solution areas on the product home pages 
(http://supportconnectw.ca.com/main.asp).

USD/SDO package for the CA Message Queuing vulnerability
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_faqs.asp#faqsdo

UAM/AMO Definitions for the CA Message Queuing vulnerability
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_faqs.asp#faqamo


CVE Reference: Pending

OSVDB Reference: Pending


Advisory URLs (note that URLs may wrap): 
 
CA Message Queuing Security Notice
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp

CA Security Advisor site: CAID 32919 - Computer Associates 
Message Queuing (CAM/CAFT) multiple vulnerabilities
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919

CA Message Queuing Security Notice Frequently Asked Questions
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_faqs.asp


Should you require additional information, please contact CA 
Customer Support at http://supportconnect.ca.com.
CA Customer Support North America (individual product hotlines)
http://supportconnectw.ca.com/public/ca_common_docs/support_dir.pdf
CA International Customer Support (individual country offices)
http://www.ca.com/camap.htm


Respectfully,

Ken Williams ; Dir. Vuln Research 
Computer Associates ; 0xE2941985


Computer Associates International, Inc. (CA). 
One Computer Associates Plaza. Islandia, NY 11749
	
Contact Us http://ca.com/catalk.htm
Legal Notice http://ca.com/calegal.htm
Privacy Policy http://ca.com
Copyright 2005 Computer Associates International, Inc.
All rights reserved


- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBQwvylCh9+71yA2DNAQLILAP9HY4vDL3m5XPyLlx7dVTfBi46zTX07Dic
TL+TztmfhXADf1LvYUuvHvS69AFoWRk+VQCzhoq1dQARuyY7PTXjitizMOPOv4dR
ZnEbs3yeUY0SVtf3lBbSltJ1VwDgLkV+/w6C09Nw9HxRlLROzNyv1y4dZt5bCHvu
PlSW0CPuhDA=
=LGgp
-----END PGP SIGNATURE-----