Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Advantage_data_transport | Broadcom | 3.0 (including) | 3.0 (including) |
| Adviseit | Broadcom | 2.4 (including) | 2.4 (including) |
| Brightstor_portal | Broadcom | 11.1 (including) | 11.1 (including) |
| Brightstor_san_manager | Broadcom | 1.1 (including) | 1.1 (including) |
| Brightstor_san_manager | Broadcom | 1.1-sp1 (including) | 1.1-sp1 (including) |
| Brightstor_san_manager | Broadcom | 1.1-sp2 (including) | 1.1-sp2 (including) |
| Brightstor_san_manager | Broadcom | 11.1 (including) | 11.1 (including) |
| Cleverpath_aion | Broadcom | 10.0 (including) | 10.0 (including) |
| Cleverpath_ecm | Broadcom | 3.5 (including) | 3.5 (including) |
| Cleverpath_olap | Broadcom | 5.1 (including) | 5.1 (including) |
| Cleverpath_predictive_analysis_server | Broadcom | 2.0 (including) | 2.0 (including) |
| Cleverpath_predictive_analysis_server | Broadcom | 3.0 (including) | 3.0 (including) |
| Etrust_admin | Broadcom | 8.0 (including) | 8.0 (including) |
| Etrust_admin | Broadcom | 8.1 (including) | 8.1 (including) |
| Messaging | Broadcom | 1.5 (including) | 1.5 (including) |
| Messaging | Broadcom | 1.7 (including) | 1.7 (including) |
| Messaging | Broadcom | 1.11 (including) | 1.11 (including) |
| Unicenter_application_performance_monitor | Broadcom | 3.0 (including) | 3.0 (including) |
| Unicenter_application_performance_monitor | Broadcom | 3.5 (including) | 3.5 (including) |
| Unicenter_asset_management | Broadcom | 3.1 (including) | 3.1 (including) |
| Unicenter_asset_management | Broadcom | 3.2 (including) | 3.2 (including) |
| Unicenter_asset_management | Broadcom | 3.2-sp1 (including) | 3.2-sp1 (including) |
| Unicenter_asset_management | Broadcom | 3.2-sp2 (including) | 3.2-sp2 (including) |
| Unicenter_asset_management | Broadcom | 4.0 (including) | 4.0 (including) |
| Unicenter_data_transport_option | Broadcom | 2.0 (including) | 2.0 (including) |
| Unicenter_jasmine | Broadcom | 3.0 (including) | 3.0 (including) |
| Unicenter_management_portal | Broadcom | 2.0 (including) | 2.0 (including) |
| Unicenter_management_portal | Broadcom | 3.1 (including) | 3.1 (including) |
| Unicenter_network_and_systems_management | Broadcom | 3.0 (including) | 3.0 (including) |
| Unicenter_network_and_systems_management | Broadcom | 3.1 (including) | 3.1 (including) |
| Unicenter_nsm_wireless_network_management_option | Broadcom | 3.0 (including) | 3.0 (including) |
| Unicenter_performance_management | Broadcom | 2.4-sp3 (including) | 2.4-sp3 (including) |
| Unicenter_remote_control | Broadcom | 6.0 (including) | 6.0 (including) |
| Unicenter_remote_control | Broadcom | 6.0-sp1 (including) | 6.0-sp1 (including) |
| Unicenter_service_level_management | Broadcom | 3.0 (including) | 3.0 (including) |
| Unicenter_service_level_management | Broadcom | 3.0.1 (including) | 3.0.1 (including) |
| Unicenter_service_level_management | Broadcom | 3.0.2 (including) | 3.0.2 (including) |
| Unicenter_service_level_management | Broadcom | 3.5 (including) | 3.5 (including) |
| Unicenter_software_delivery | Broadcom | 3.0 (including) | 3.0 (including) |
| Unicenter_software_delivery | Broadcom | 3.1 (including) | 3.1 (including) |
| Unicenter_software_delivery | Broadcom | 3.1-sp1 (including) | 3.1-sp1 (including) |
| Unicenter_software_delivery | Broadcom | 3.1-sp2 (including) | 3.1-sp2 (including) |
| Unicenter_software_delivery | Broadcom | 4.0 (including) | 4.0 (including) |
| Unicenter_tng | Broadcom | 2.1 (including) | 2.1 (including) |
| Unicenter_tng | Broadcom | 2.2 (including) | 2.2 (including) |
| Unicenter_tng | Broadcom | 2.4 (including) | 2.4 (including) |
| Unicenter_tng | Broadcom | 2.4.2 (including) | 2.4.2 (including) |
| Etrust_admin | Ca | 2.1 (including) | 2.1 (including) |
| Etrust_admin | Ca | 2.4 (including) | 2.4 (including) |
| Etrust_admin | Ca | 2.7 (including) | 2.7 (including) |
| Etrust_admin | Ca | 2.9 (including) | 2.9 (including) |
| Unicenter_asset_management | Ca | 4.0-sp1 (including) | 4.0-sp1 (including) |
| Unicenter_enterprise_job_manager | Ca | 1.0-sp1 (including) | 1.0-sp1 (including) |
| Unicenter_enterprise_job_manager | Ca | 1.0-sp2 (including) | 1.0-sp2 (including) |
| Unicenter_management | Ca | 3.5 (including) | 3.5 (including) |
| Unicenter_management | Ca | 4.0 (including) | 4.0 (including) |
| Unicenter_management | Ca | 4.1 (including) | 4.1 (including) |
| Unicenter_management | Ca | 5.0 (including) | 5.0 (including) |
| Unicenter_management | Ca | 5.0.1 (including) | 5.0.1 (including) |
| Unicenter_software_delivery | Ca | 4.0-sp1 (including) | 4.0-sp1 (including) |
| Unicenter_tng | Ca | 2.2 (including) | 2.2 (including) |
References
- http://secunia.com/advisories/16513
- http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp
- http://www.osvdb.org/18917
- http://www.securityfocus.com/bid/14623
- http://www.vupen.com/english/advisories/2005/1482
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919
- http://secunia.com/advisories/16513
- http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp
- http://www.osvdb.org/18917
- http://www.securityfocus.com/bid/14623
- http://www.vupen.com/english/advisories/2005/1482
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919