Juniper Networks

Signature Detail


Short Name: APP:CA:LOG-SEC-BOF
Severity: Major
Recommended: No
Recommended Action: Drop
Category: APP
Keywords: Computer Associates log_security Overflow
Release Date: 2005/12/20
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

APP: Computer Associates log_security Overflow


This signature detects attempts to exploit a known vulnerability against the Computer Associates Log Security service. A successful attack can lead to arbitrary remote code execution. An exploit is currently available.

Extended Description

Computer Associates Message Queuing (CAM) is prone to a buffer-overflow vulnerability because the application fails to perform proper bounds checking on user-supplied data. A successful attack can cause the process's execution stack to overflow and may ultimately allow arbitrary code to run in the context of the affected application. This may allow an attacker to escalate their privileges to SYSTEM level.

Affected Products

  • Computer_associates advantage_data_transport 3.0.0
  • Computer_associates adviseit 2.4.0
  • Computer_associates brightstor_portal 11.1.0
  • Computer_associates brightstor_san_manager 1.1.0
  • Computer_associates brightstor_san_manager 1.1.0 SP1
  • Computer_associates brightstor_san_manager 1.1.0 SP2
  • Computer_associates brightstor_san_manager 11.1.0
  • Computer_associates cam 1.05
  • Computer_associates cam 1.07
  • Computer_associates cam 1.11
  • Computer_associates cleverpath_aion 10.0.0
  • Computer_associates cleverpath_ecm 3.5.0
  • Computer_associates cleverpath_olap 5.1.0
  • Computer_associates cleverpath_predictive_analysis_server 2.0.0
  • Computer_associates cleverpath_predictive_analysis_server 3.0.0
  • Computer_associates etrust_admin 2.1.0
  • Computer_associates etrust_admin 2.4.0
  • Computer_associates etrust_admin 2.7.0
  • Computer_associates etrust_admin 2.9.0
  • Computer_associates etrust_admin 8.0.0
  • Computer_associates etrust_admin 8.1.0
  • Computer_associates unicenter_application_performance_monitor 3.0.0
  • Computer_associates unicenter_application_performance_monitor 3.5.0
  • Computer_associates unicenter_asset_management 3.1.0
  • Computer_associates unicenter_asset_management 3.2.0
  • Computer_associates unicenter_asset_management 3.2.0 SP1
  • Computer_associates unicenter_asset_management 3.2.0 SP2
  • Computer_associates unicenter_asset_management 4.0.0
  • Computer_associates unicenter_asset_management 4.0.0 SP1
  • Computer_associates unicenter_data_transport_option 2.0.0
  • Computer_associates unicenter_enterprise_job_manager 1.0.0 SP1
  • Computer_associates unicenter_enterprise_job_manager 1.0.0 SP2
  • Computer_associates unicenter_jasmine 3.0.0
  • Computer_associates unicenter_management_for_lotus_notes/domino 4.0.0
  • Computer_associates unicenter_management_for_microsoft_exchange 4.0.0
  • Computer_associates unicenter_management_for_microsoft_exchange 4.1.0
  • Computer_associates unicenter_management_for_web_servers 5.0.0
  • Computer_associates unicenter_management_for_web_servers 5.0.1
  • Computer_associates unicenter_management_for_websphere_mq 3.5.0
  • Computer_associates unicenter_management_portal 2.0.0
  • Computer_associates unicenter_management_portal 3.1.0
  • Computer_associates unicenter_network_and_systems_management 3.0.0
  • Computer_associates unicenter_network_and_systems_management 3.1.0
  • Computer_associates unicenter_nsm_wireless_network_management_option 3.0.0
  • Computer_associates unicenter_performance_management_for_openvms 2.4.0 SP3
  • Computer_associates unicenter_remote_control 6.0.0
  • Computer_associates unicenter_remote_control 6.0.0 SP1
  • Computer_associates unicenter_service_level_management 3.0.0
  • Computer_associates unicenter_service_level_management 3.0.1
  • Computer_associates unicenter_service_level_management 3.0.2
  • Computer_associates unicenter_service_level_management 3.5.0
  • Computer_associates unicenter_software_delivery 3.0.0
  • Computer_associates unicenter_software_delivery 3.1.0
  • Computer_associates unicenter_software_delivery 3.1.0 SP1
  • Computer_associates unicenter_software_delivery 3.1.0 SP2
  • Computer_associates unicenter_software_delivery 4.0.0
  • Computer_associates unicenter_software_delivery 4.0.0 SP1
  • Computer_associates unicenter_tng 2.1.0
  • Computer_associates unicenter_tng 2.2.0
  • Computer_associates unicenter_tng 2.4.0
  • Computer_associates unicenter_tng 2.4.2
  • Computer_associates unicenter_tng_jpn 2.2.0

References

  • BugTraq: 14622
  • CVE: CVE-2005-2668
  • URL: http://www.kb.cert.org/vuls/id/619988
  • URL: http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.