|
|
>> Computer Associates Message Queuing Denial of Service Vulnerabilities
|
Title : Computer Associates Message Queuing Denial of Service Vulnerabilities
VUPEN ID : VUPEN/ADV-2006-0414
CVE ID : CVE-2006-0529 - CVE-2006-0530
Rated as : Moderate Risk 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-02-02
|
Two vulnerabilities have been identified in various Computer Associates products, which could be exploited by remote attackers to cause a denial of service.
The first issue is due to an error in the CA Message Queuing component that fails to properly handle specially crafted messages sent to port 4105/TCP, which could be exploited by remote attackers to cause a denial of service.
The second vulnerability is due to an error when processing spoofed CAM control messages, which could be exploited by remote attackers to cause a denial of service.
Affected Products
Advantage Data Transport 3.0
BrightStor SAN Manager 1.1
BrightStor SAN Manager 1.1 SP1
BrightStor SAN Manager 1.1 SP2
BrightStor SAN Manager 11.1
BrightStor Portal 11.1
CleverPath OLAP 5.1
CleverPath ECM 3.5
CleverPath Predictive Analysis Server 2.0
CleverPath Predictive Analysis Server 3.0
CleverPath Aion 10.0
eTrust Admin 2.01
eTrust Admin 2.04
eTrust Admin 2.07
eTrust Admin 2.09
eTrust Admin 8.0
eTrust Admin 8.1
Unicenter Application Performance Monitor 3.0
Unicenter Application Performance Monitor 3.5
Unicenter Asset Management 3.1
Unicenter Asset Management 3.2
Unicenter Asset Management 3.2 SP1
Unicenter Asset Management 3.2 SP2
Unicenter Asset Management 4.0
Unicenter Asset Management 4.0 SP1
Unicenter Data Transport Option 2.0
Unicenter Enterprise Job Manager 1.0 SP1
Unicenter Enterprise Job Manager 1.0 SP2
Unicenter Jasmine 3.0
Unicenter Management for WebSphere MQ 3.5
Unicenter Management for Microsoft Exchange 4.0
Unicenter Management for Microsoft Exchange 4.1
Unicenter Management for Lotus Notes/Domino 4.0
Unicenter Management for Web Servers 5
Unicenter Management for Web Servers 5.0.1
Unicenter NSM 3.0
Unicenter NSM 3.1
Unicenter NSM Wireless Network Management Option 3.0
Unicenter Remote Control 6.0
Unicenter Remote Control 6.0 SP1
Unicenter Service Level Management 3.0
Unicenter Service Level Management 3.0.1
Unicenter Service Level Management 3.0.2
Unicenter Service Level Management 3.5
Unicenter Software Delivery 3.0
Unicenter Software Delivery 3.1
Unicenter Software Delivery 3.1 SP1
Unicenter Software Delivery 3.1 SP2
Unicenter Software Delivery 4.0
Unicenter Software Delivery 4.0 SP1
Unicenter TNG 2.1
Unicenter TNG 2.2
Unicenter TNG 2.4
Unicenter TNG 2.4.2
Unicenter TNG JPN 2.2
(on AIX, DG Intel, DG Motorola, DYNIX, OSF1, HP-UX, IRIX, Linux Intel, Linux s/390, Solaris Intel, Solaris Sparc, UnixWare and Windows).
Solution
Patch for CAM versions 1.11 prior to Build 29_20 :
http://supportconnectw.ca.com/public/ca_common_docs/camessagsecurity_cam111fixes.asp
Patch for CAM versions 1.07 prior to Build 220_16 :
http://supportconnectw.ca.com/public/ca_common_docs/camessagsecurity_cam107fixes.asp
Patch for CAM versions 1.05 :
http://supportconnectw.ca.com/public/ca_common_docs/camessagsecurity_cam107fixes.asp
References
http://www.vupen.com/english/advisories/2006/0414
http://www.frsirt.com/english/reference/5335
Credits
Vulnerabilities reported by Nicolas Pouvesle
ChangeLog
2006-02-02 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
