VUPEN Security - CA Multiple Products Ingres Database Remote and Local Code Execution Vulnerabilities / Exploit (Security Advisories)

	Contact \| Site en Français

Vulnerabilities & Threats

VUPEN Security Advisories

Linux Security Advisories

Malware Advisories

Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> CA Multiple Products Ingres Database Remote and Local Code Execution Vulnerabilities

Title : CA Multiple Products Ingres Database Remote and Local Code Execution Vulnerabilities
VUPEN ID : VUPEN/ADV-2007-2290
CVE ID : CVE-2007-3334 - CVE-2007-3336 - CVE-2007-3337 - CVE-2007-3338
Rated as : Critical

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-06-22

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Receive VUPEN Security notifications by SMS

Multiple vulnerabilities have been identified in CA products, which could be exploited by attackers to cause a denial of service or take complete control of an affected system. These issues are caused by errors in Ingres. For additional information, see : VUPEN/ADV-2007-2288

Affected Products

Advantage Data Transformer r2.2
AllFusion Enterprise Workbench r1.1
AllFusion Enterprise Workbench 1.1 SP1
AllFusion Enterprise Workbench r7
AllFusion Enterprise Workbench r7.1
AllFusion Harvest Change Manager r7
AllFusion Harvest Change Manager r7.1
BrightStor ARCserve Backup v9 (Linux)
BrightStor ARCserve Backup r11.1
BrightStor ARCserve Backup r11.5 (Unix, Linux and Mainframe Linux)
BrightStor ARCserve Backup for Laptops and Desktops r11.5
BrightStor Enterprise Backup (Unix only) r10.5
BrightStor Storage Command Center r11.5
BrightStor Storage Resource Manager r11.5
CleverPath Aion Business Rules Expert r10.1
CleverPath Aion Business Process Monitoring r10.1
CleverPath Predictive Analysis Server r3
DocServer 1.1
eTrust Admin v8
eTrust Admin v8.1
eTrust Admin r8.1 SP1
eTrust Admin r8.1 SP2
eTrust Audit r8 SP2
eTrust Directory r8.1
eTrust IAM Suite r8.0
eTrust IAM Toolkit r8.0
eTrust IAM Toolkit r8.1
eTrust Identity Manager r8.1
eTrust Network Forensics r8.1
eTrust Secure Content Manager r8
eTrust Single Sign-On r7
eTrust Single Sign-On r8
eTrust Single Sign-On r8.1
eTrust Web Access Control 1.0
Unicenter Advanced Systems Management r11
Unicenter Asset Intelligence r11
Unicenter Asset Management r11
Unicenter Asset Portfolio Management r11.2.1
Unicenter Asset Portfolio Management r11.3 Unicenter CCS r11
Unicenter Database Command Center r11.1
Unicenter Desktop and Server Management r11
Unicenter Desktop Management Suite r11
Unicenter Enterprise Job Manager r1 SP3
Unicenter Enterprise Job Manager r1 SP4
Unicenter Job Management Option r11
Unicenter Lightweight Portal 2
Unicenter Management Portal r3.1.1
Unicenter Network and Systems Management r3.0
Unicenter Network and Systems Management r11
Unicenter Network and Systems Management - Tiered - Multi Platform r3.0 0305
Unicenter Network and Systems Management - Tiered - Multi Platform r3.1 0403
Unicenter Network and Systems Management - Tiered - Multi Platform r11.0
Unicenter Patch Management r11
Unicenter Remote Control 6
Unicenter Remote Control r11
Unicenter Service Accounting r11
Unicenter Service Accounting r11.1
Unicenter Service Assure r2.2
Unicenter Service Assure r11
Unicenter Service Assure r11.1
Unicenter Service Catalog r11
Unicenter Service Catalog r11.1
Unicenter Service Delivery r11.0
Unicenter Service Delivery r11.1
Unicenter Service Intelligence r11
Unicenter Service Metric Analysis r3.0.2
Unicenter Service Metric Analysis r3.5
Unicenter Service Metric Analysis r11
Unicenter Service Metric Analysis r11.1
Unicenter ServicePlus Service Desk 5.5 SP3
Unicenter ServicePlus Service Desk 6.0
Unicenter ServicePlus Service Desk 6.0 SP1
Unicenter ServicePlus Service Desk r11
Unicenter ServicePlus Service Desk r11.1
Unicenter ServicePlus Service Desk r11.2
Unicenter Software Delivery r11
Unicenter TNG 2.4
Unicenter TNG 2.4.2
Unicenter TNG 2.4.2J
Unicenter Workload Control Center r1 SP3
Unicenter Workload Control Center r1 SP4
Unicenter Web Services Distributed Management 3.11
Unicenter Web Services Distributed Management 3.50
Wily SOA Manager 7.1

Solution

Apply patches :
http://supportconnectw.ca.com/premium/ca_common_docs/ingres/ingres_secnotice.asp

References

http://www.vupen.com/english/advisories/2007/2290
http://supportconnectw.ca.com/public/ca_common_docs/ingresvuln_letter.asp

Credits

Vulnerabilities reported by Chris Anley (NGSSoftware) and iDefense Labs.

ChangeLog

2007-06-22 : Initial release
2007-06-24 : Updated Advisory

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

Vulnerability Alerting

Free 14-Day Trial

Latest News

VUPEN Security Research
Discovered Critical Flaws
in Adobe Acrobat and MS
Office Word

VUPEN Security Research
Discovered Critical Flaws
in ACDSee Products

VUPEN Discovered Two
Critical Vulnerabilities in
Novell GroupWise 8 / 7

Microsoft Patched 14
Office PowerPoint Flaws

Adobe Reader / Acrobat
Vulnerabilities Disclosed

More Informations

Copyright 2003-2009 © VUPEN.COM - Privacy Policy