VID | 23146
Severity | 40
Port | 4105
Protocol | TCP
Class | Daemon
Detailed Description |
According to its version number, the CA Message Queuing Service has multiple vulnerabilities. Computer Associates Message Queuing (CAM/CAFT) contains multiple vulnerabilities that may allow remote attackers to perform spoofing attacks, execute arbitrary code, or cause a denial of service condition. The first vulnerability allows attackers to launch denial of service attacks against the CAM TCP port. The second vulnerability is due to improper bounds checking performed by CAM, which allows attackers to execute arbitrary code on the system with SYSTEM level privileges. The final vulnerability allows CAFT spoofing attacks that execute arbitrary commands.
* References:
  http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp
  http://www.securitytracker.com/alerts/2005/Aug/1014756.html
  http://www.frsirt.com/english/advisories/2005/1482
  http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919
  http://www.kb.cert.org/vuls/id/619988
  http://secunia.com/advisories/16513
* Platforms Affected:
  Computer Associates, Message Queuing (CAM / CAFT) version 1.05
  Computer Associates, Message Queuing (CAM / CAFT) versions 1.07 prior to Build 220_13
  Computer Associates, Message Queuing (CAM / CAFT) versions 1.11 prior to Build 29_13
  Any operating system Any version |
Recommendation |
Computer Associates has released a set of patches for CAM 1.05, 1.07 and 1.11.
Apply the fix for this vulnerability, as listed in the CA Message Queuing Security Notice at http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp |
Related URL | CVE-2005-2667, CVE-2005-2668, CVE-2005-2669 (CVE)
Related URL | 14621, 14622, 14623 (SecurityFocus)
Related URL | 21937, 21948, 21953 (ISS)