Short Name | APP:CA:MESSAGE-QUEUE-HEAP
Severity | Critical
Recommended | No
Recommended Action | Drop
Category | APP
Keywords | CA Products Message Queuing Server Buffer Overflow
Release Date | 2010/10/13
Update Number | 1791
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
APP: CA Products Message Queuing Server Buffer Overflow
This signature detects attempts to exploit a known buffer overflow vulnerability in the way CA Message Queuing Server handles incoming packets. The vulnerability is due to a lack of bounds checking while processing packets. A remote unauthenticated attacker can exploit it to cause a denial-of-service condition or to inject and execute arbitrary code on the system within the security context of the affected service, normally System. In a successful code injection attack, the behavior of the target depends entirely on the intended function of the injected code, which executes within the security context of the affected service. In an unsuccessful code injection attack, the affected server terminates.
Extended Description
Multiple Computer Associates products are prone to a remote stack-based buffer-overflow vulnerability. This issue affects the Message Queuing (CAM/CAFT) component. The application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer.
A successful exploit will allow an attacker to execute arbitrary code with SYSTEM-level privileges.
This issue affects all versions of the CA Message Queuing software prior to v1.11 Build 54_4 on Windows and NetWare.
Affected Products
- Computer_associates advantage_data_transport 3.0.0
- Computer_associates brightstor_portal 11.1.0
- Computer_associates brightstor_san_manager 11.1.0
- Computer_associates brightstor_san_manager 11.5.0
- Computer_associates cleverpath_aion 10.0.0
- Computer_associates cleverpath_ecm 3.5.0
- Computer_associates cleverpath_olap 5.1.0
- Computer_associates cleverpath_predictive_analysis_server 2.0.0
- Computer_associates cleverpath_predictive_analysis_server 3.0.0
- Computer_associates etrust_admin 2.01
- Computer_associates etrust_admin 2.04
- Computer_associates etrust_admin 2.07
- Computer_associates etrust_admin 2.09
- Computer_associates etrust_admin 8.0.0
- Computer_associates etrust_admin 8.1.0
- Computer_associates unicenter_application_performance_monitor 3.0.0
- Computer_associates unicenter_application_performance_monitor 3.5.0
- Computer_associates unicenter_asset_management 3.1.0
- Computer_associates unicenter_asset_management 3.2.0
- Computer_associates unicenter_asset_management 3.2.0 SP1
- Computer_associates unicenter_asset_management 3.2.0 SP2
- Computer_associates unicenter_asset_management 4.0.0
- Computer_associates unicenter_asset_management 4.0.0 SP1
- Computer_associates unicenter_data_transport_option 2.0.0
- Computer_associates unicenter_enterprise_job_manager 1.0.0 SP1
- Computer_associates unicenter_enterprise_job_manager 1.0.0 SP2
- Computer_associates unicenter_jasmine 3.0.0
- Computer_associates unicenter_management_for_lotus_notes/domino 4.0.0
- Computer_associates unicenter_management_for_microsoft_exchange 4.0.0
- Computer_associates unicenter_management_for_microsoft_exchange 4.1.0
- Computer_associates unicenter_management_for_web_servers 5.0.0
- Computer_associates unicenter_management_for_web_servers 5.0.1
- Computer_associates unicenter_management_for_websphere_mq 3.5.0
- Computer_associates unicenter_network_and_systems_management 3.0
- Computer_associates unicenter_network_and_systems_management 3.1
- Computer_associates unicenter_nsm_wireless_network_management_option 3.0.0
- Computer_associates unicenter_remote_control 6.0.0
- Computer_associates unicenter_remote_control 6.0.0 SP1
- Computer_associates unicenter_service_level_management 3.0.0
- Computer_associates unicenter_service_level_management 3.0.1
- Computer_associates unicenter_service_level_management 3.0.2
- Computer_associates unicenter_service_level_management 3.5.0
- Computer_associates unicenter_software_delivery 3.0.0
- Computer_associates unicenter_software_delivery 3.1.0
- Computer_associates unicenter_software_delivery 3.1.0 SP1
- Computer_associates unicenter_software_delivery 3.1.0 SP2
- Computer_associates unicenter_software_delivery 4.0.0
- Computer_associates unicenter_software_delivery 4.0.0 SP1
- Computer_associates unicenter_tng 2.1.0
- Computer_associates unicenter_tng 2.2.0
- Computer_associates unicenter_tng 2.4.0
- Computer_associates unicenter_tng 2.4.2
- Computer_associates unicenter_tng_jpn 2.2.0
References