This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
APP:CA:LOG-SEC-BOF
|
Severity |
Major
|
Recommended |
No
|
Recommended Action |
Drop
|
Category |
APP
|
Keywords |
Computer Associates log_security Overflow
|
Release Date |
2005/12/20
|
Update Number |
1213
|
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
APP: Computer Associates log_security Overflow
This signature detects attempts to exploit a known vulnerability against the Computer Associates Log Security service. A successful attack can lead to arbitrary remote code execution. An exploit is currently available.
Extended Description
Computer Associates Message Queuing (CAM) is prone to a buffer-overflow vulnerability because the application fails to perform proper bounds checking on user-supplied data.
A successful attack can cause the process's execution stack to overflow and may ultimately allow arbitrary code to run in the context of the affected application. This may allow an attacker to escalate their privileges to SYSTEM level.
Affected Products
- Computer_associates advantage_data_transport 3.0.0
- Computer_associates adviseit 2.4.0
- Computer_associates brightstor_portal 11.1.0
- Computer_associates brightstor_san_manager 1.1.0
- Computer_associates brightstor_san_manager 1.1.0 SP1
- Computer_associates brightstor_san_manager 1.1.0 SP2
- Computer_associates brightstor_san_manager 11.1.0
- Computer_associates cam 1.05
- Computer_associates cam 1.07
- Computer_associates cam 1.11
- Computer_associates cleverpath_aion 10.0.0
- Computer_associates cleverpath_ecm 3.5.0
- Computer_associates cleverpath_olap 5.1.0
- Computer_associates cleverpath_predictive_analysis_server 2.0.0
- Computer_associates cleverpath_predictive_analysis_server 3.0.0
- Computer_associates etrust_admin 2.1.0
- Computer_associates etrust_admin 2.4.0
- Computer_associates etrust_admin 2.7.0
- Computer_associates etrust_admin 2.9.0
- Computer_associates etrust_admin 8.0.0
- Computer_associates etrust_admin 8.1.0
- Computer_associates unicenter_application_performance_monitor 3.0.0
- Computer_associates unicenter_application_performance_monitor 3.5.0
- Computer_associates unicenter_asset_management 3.1.0
- Computer_associates unicenter_asset_management 3.2.0
- Computer_associates unicenter_asset_management 3.2.0 SP1
- Computer_associates unicenter_asset_management 3.2.0 SP2
- Computer_associates unicenter_asset_management 4.0.0
- Computer_associates unicenter_asset_management 4.0.0 SP1
- Computer_associates unicenter_data_transport_option 2.0.0
- Computer_associates unicenter_enterprise_job_manager 1.0.0 SP1
- Computer_associates unicenter_enterprise_job_manager 1.0.0 SP2
- Computer_associates unicenter_jasmine 3.0.0
- Computer_associates unicenter_management_for_lotus_notes/domino 4.0.0
- Computer_associates unicenter_management_for_microsoft_exchange 4.0.0
- Computer_associates unicenter_management_for_microsoft_exchange 4.1.0
- Computer_associates unicenter_management_for_web_servers 5.0.0
- Computer_associates unicenter_management_for_web_servers 5.0.1
- Computer_associates unicenter_management_for_websphere_mq 3.5.0
- Computer_associates unicenter_management_portal 2.0.0
- Computer_associates unicenter_management_portal 3.1.0
- Computer_associates unicenter_network_and_systems_management 3.0.0
- Computer_associates unicenter_network_and_systems_management 3.1.0
- Computer_associates unicenter_nsm_wireless_network_management_option 3.0.0
- Computer_associates unicenter_performance_management_for_openvms 2.4.0 SP3
- Computer_associates unicenter_remote_control 6.0.0
- Computer_associates unicenter_remote_control 6.0.0 SP1
- Computer_associates unicenter_service_level_management 3.0.0
- Computer_associates unicenter_service_level_management 3.0.1
- Computer_associates unicenter_service_level_management 3.0.2
- Computer_associates unicenter_service_level_management 3.5.0
- Computer_associates unicenter_software_delivery 3.0.0
- Computer_associates unicenter_software_delivery 3.1.0
- Computer_associates unicenter_software_delivery 3.1.0 SP1
- Computer_associates unicenter_software_delivery 3.1.0 SP2
- Computer_associates unicenter_software_delivery 4.0.0
- Computer_associates unicenter_software_delivery 4.0.0 SP1
- Computer_associates unicenter_tng 2.1.0
- Computer_associates unicenter_tng 2.2.0
- Computer_associates unicenter_tng 2.4.0
- Computer_associates unicenter_tng 2.4.2
- Computer_associates unicenter_tng_jpn 2.2.0
References