CERTA-2005-AVI-318

Vulnerability from certfr_avis - Published: 2005-08-22 - Updated: 2005-08-22

Plusieurs vulnérabilités découvertes dans Computer Associates Message Queuing permettent l'exécution de code arbitraire à distance ou la réalisation d'un déni de service.

Description

CAM est un sous-composant inclus dans de nombreux produits de Computer Associates permettant de gérer des messages entre les applications.

CAFT est une application fournie avec CAM pour transférer des fichiers.

Trois vulnérabilités ont été découvertes dans Computer Associates Message Queuing (CAM/CAFT) permettant de réaliser un déni de service ou d'exécuter du code arbitraire à distance.

Solution

Appliquer le correctif de Computer Associates (voir Documentation).

None
Impacted products
Vendor Product Description
N/A N/A Unicenter Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, 4.0 SP1 ;
N/A N/A Unicenter Application Performance Monitor 3.0, 3.5 ;
IBM N/A Unicenter SOftware Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, 4.0 SP1 ;
N/A N/A AdviseIT 2.4 ;
N/A N/A Unicenter TNG JPN 2.2.
N/A N/A CleverPath OLAP 5.1 ;
N/A N/A BrightStor SAN Manager 1.1, 1.1 SP1, 1.1 SP2, 11.1 ;
N/A N/A Unicenter NSM Wireless Network Management Option 3.0 ;
IBM N/A Unicenter Management for Lotus Notes/Domino 4.0 ;
N/A N/A Unicenter Service Level Management 3.0, 3.0.1, 3.0.2, 3.5 ;
IBM N/A eTrust Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1 ;
IBM WebSphere Unicenter Management for WebSphere MQ 3.5 ;
Centreon Web Unicenter Management for Web Servers 5, 5.0.1 ;
N/A N/A CleverPath Predictive Analysis Server 2.0, 3.0 ;
Liferay Portal BrightStor Portal 11.1 ;
N/A N/A Unicenter NSM 3.0, 3.1 ;
Microsoft N/A Unicenter Management for Microsoft Exchange 4.0, 4.1 ;
N/A N/A Unicenter Enterprise Job Manager 1.0 SP1, 1.0 SP2 ;
N/A N/A Unicenter Remoter Control 6.0, 6.0 SP1 ;
N/A N/A Unicenter Performance Management for OpenVMS r2.4 SP3 ;
N/A N/A Unicenter Data Transport Option 2.0 ;
N/A N/A CleverPath ECM 3.5 ;
IBM N/A Unicenter Jasmine 3.0 ;
N/A N/A Unicenter TNG 2.1, 2.2, 2.4, 2.4.2 ;
N/A N/A Advantage Data Transport 3.0 ;
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Unicenter Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, 4.0 SP1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Application Performance Monitor 3.0, 3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter SOftware Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, 4.0 SP1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "AdviseIT 2.4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter TNG JPN 2.2.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CleverPath OLAP 5.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor SAN Manager 1.1, 1.1 SP1, 1.1 SP2, 11.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter NSM Wireless Network Management Option 3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Management for Lotus Notes/Domino 4.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Service Level Management 3.0, 3.0.1, 3.0.2, 3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "eTrust Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Management for WebSphere MQ 3.5 ;",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Management for Web Servers 5, 5.0.1 ;",
      "product": {
        "name": "Web",
        "vendor": {
          "name": "Centreon",
          "scada": false
        }
      }
    },
    {
      "description": "CleverPath Predictive Analysis Server 2.0, 3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "BrightStor Portal 11.1 ;",
      "product": {
        "name": "Portal",
        "vendor": {
          "name": "Liferay",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter NSM 3.0, 3.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Management for Microsoft Exchange 4.0, 4.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Enterprise Job Manager 1.0 SP1, 1.0 SP2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Remoter Control 6.0, 6.0 SP1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Performance Management for OpenVMS r2.4 SP3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Data Transport Option 2.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "CleverPath ECM 3.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter Jasmine 3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Unicenter TNG 2.1, 2.2, 2.4, 2.4.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Advantage Data Transport 3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCAM est un sous-composant inclus dans de nombreux produits de Computer\nAssociates permettant de g\u00e9rer des messages entre les applications.\n\nCAFT est une application fournie avec CAM pour transf\u00e9rer des fichiers.\n\nTrois vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Computer Associates\nMessage Queuing (CAM/CAFT) permettant de r\u00e9aliser un d\u00e9ni de service ou\nd\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nAppliquer le correctif de Computer Associates (voir Documentation).\n",
  "cves": [],
  "initial_release_date": "2005-08-22T00:00:00",
  "last_revision_date": "2005-08-22T00:00:00",
  "links": [],
  "reference": "CERTA-2005-AVI-318",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-08-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s d\u00e9couvertes dans Computer Associates Message\nQueuing permettent l\u0027ex\u00e9cution de code arbitraire \u00e0 distance ou la\nr\u00e9alisation d\u0027un d\u00e9ni de service.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Computer Associates Message Queuing",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Computer Associates du 19 ao\u00fbt 2005",
      "url": "http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.