VID |
23159 |
Severity |
30 |
Port |
5727 |
Protocol |
UDP |
Class |
Daemon |
Detailed Description |
The CA DMPrimer service, according to its version number, has multiple denial of service vulnerabilities. DM Primer (dmprimer.exe) v1.4.154 and v1.4.155 of the DM Deployment Common Component being distributed with some CA products are vulnerable to the following denial of service vulnerabilities:
1. A Denial of Service (DoS) vulnerability has been identified in the handling of unrecognized network messages which may result in high CPU utilization and excessive growth of the DM Primer log file.
2. A Denial of Service (DoS) vulnerability has been identified with the way in which the DM Primer handles receipt of large rogue network messages which can result in the DM Primer becoming unresponsive.
* References:
  http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_notice.asp
  http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity-faqs.asp
  http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=33756
  http://www.frsirt.com/english/advisories/2006/0236
  http://secunia.com/advisories/18531
  http://securitytracker.com/id?1015504
  http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0645.html
  http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041457.html
* Platforms Affected:
  Computer Associates, DM Primer v1.4.154 and v1.4.155
  Computer Associates, BrightStor ARCserve Backup r11.0
  Computer Associates, BrightStor ARCserve Backup r11.1
  Computer Associates, BrightStor ARCserve Backup r11.1 SP1
  Computer Associates, BrightStor Mobile Backup r4.0
  Computer Associates, CA Business Protection Suite r2
  Computer Associates, CA Desktop Protection Suite r2
  Computer Associates, CA Server Protection Suite r2
  Computer Associates, Inc., Unicenter Remote Control 6.0
  Computer Associates, Inc., Unicenter Remote Control 6.0 SP1
  Microsoft Windows Any version |
Recommendation |
Disable the DMPrimer service, as described in the Computer Associates Security Notice at http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_notice.asp |
Related URL |
CVE-2006-0306, CVE-2006-0307 (CVE) |
Related URL |
16276 (SecurityFocus) |
Related URL |
24166 (ISS) |
|