VID |
23157 |
Severity |
30 |
Port |
4105 |
Protocol |
TCP |
Class |
Daemon |
Detailed Description |
The CA Message Queuing Service, according to its version number, has two denial of service vulnerabilities. CA Message Queuing (CAM/CAFT) software is a common component included with multiple Computer Associates products. CA Message Queuing (CAM/CAFT) software version 1.05, versions 1.07 prior to Build 220_16, and versions 1.11 prior to Build 29_20 are vulnerable to two denial of service attacks, as follows:
1) An error in the handling of certain specially crafted messages sent to port 4105/tcp can be exploited to cause a DoS.
2) An error in the handling of CAM control messages can be exploited to cause a DoS via spoofed CAM control messages.
* References:
  * http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp
  * http://secunia.com/advisories/18681/
  * http://archives.neohapsis.com/archives/bugtraq/2006-02/0021.html
* Platforms Affected:
  * Computer Associates, Message Queuing (CAM / CAFT) version 1.05
  * Computer Associates, Message Queuing (CAM / CAFT) versions 1.07 prior to Build 220_16
  * Computer Associates, Message Queuing (CAM / CAFT) versions 1.11 prior to Build 29_20
  * Any operating system, any version |
Recommendation |
Computer Associates has released a set of patches for CAM 1.05, 1.07 and 1.11. Upgrade to the latest version of CA Message Queuing software (v1.07 Build 220_16 or later, or v1.11 Build 29_20 or later), as listed in the CA Message Queuing Security Notice at http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp |
Related URL |
CVE-2006-0529,CVE-2006-0530 (CVE) |
Related URL |
16475 (SecurityFocus) |
Related URL |
24448,24449 (ISS) |