var-200707-0544
Vulnerability from variot
Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104. Multiple Computer Associates products are prone to a remote stack-based buffer-overflow vulnerability. This issue affects the Message Queuing (CAM/CAFT) component. The application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. A successful exploit will allow an attacker to execute arbitrary code with SYSTEM-level privileges. There is a buffer overflow vulnerability in the CAM service when processing malformed user requests. Remote attackers may use this vulnerability to control the server.
Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.
The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/
The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. Please see the vendor's advisory for more details.
CAM (Windows): http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO89945
CAM(Netware): http://supportconnect.ca.com/sc/redir.jsp?reqPage=search&searchID=QO89943
PROVIDED AND/OR DISCOVERED BY: IBM ISS X-Force
ORIGINAL ADVISORY: CA: http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp
IBM ISS X-Force: http://www.iss.net/threats/272.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
.
Mitigating Factors: None
Severity: CA has given this vulnerability a High risk rating.
i.e. CAM versions 1.04, 1.05, 1.06, 1.07, 1.10 (prior to Build
54_4) and 1.11 (prior to Build 54_4).
Affected Products: Advantage Data Transport 3.0 BrightStor SAN Manager 11.1, 11.5 BrightStor Portal 11.1 CleverPath OLAP 5.1 CleverPath ECM 3.5 CleverPath Predictive Analysis Server 2.0, 3.0 CleverPath Aion 10.0 eTrust Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1 Unicenter Application Performance Monitor 3.0, 3.5 Unicenter Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, 4.0 SP1 Unicenter Data Transport Option 2.0 Unicenter Enterprise Job Manager 1.0 SP1, 1.0 SP2 Unicenter Jasmine 3.0 Unicenter Management for WebSphere MQ 3.5 Unicenter Management for Microsoft Exchange 4.0, 4.1 Unicenter Management for Lotus Notes/Domino 4.0 Unicenter Management for Web Servers 5, 5.0.1 Unicenter NSM 3.0, 3.1 Unicenter NSM Wireless Network Management Option 3.0 Unicenter Remote Control 6.0, 6.0 SP1 Unicenter Service Level Management 3.0, 3.0.1, 3.0.2, 3.5 Unicenter Software Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, 4.0 SP1 Unicenter TNG 2.1, 2.2, 2.4, 2.4.2 Unicenter TNG JPN 2.2
Affected Platforms: Windows and NetWare
Platforms NOT affected: AIX, AS/400, DG Intel, DG Motorola, DYNIX, HP-UX, IRIX, Linux Intel, Linux s/390, MVS, Open VMS, OS/2, OSF1, Solaris Intel, Solaris Sparc and UnixWare.
Status and Recommendation:
CA has made patches available for all affected products. These
patches are independent of the CA Software that installed CAM.
Simply select the patch appropriate to the platform, and the
installed version of CAM, and follow the patch application
instructions. You should also review the product home pages on
SupportConnect for any additional product specific instructions.
Solutions for CAM: Platform Solution Windows QO89945 NetWare QO89943
How to determine if you are affected:
Determining CAM versions: Simply running camstat will return the version information in the top line of the output on any platform. The camstat command is located in the bin subfolder of the installation directory.
The example below indicates that CAM version 1.11 build 27 increment 2 is running.
E:>camstat CAM – machine.ca.com Version 1.11 (Build 27_2) up 0 days 1:16
Determining the CAM install directory:
Windows: The install location is specified by the %CAI_MSQ% environment variable. Unix/Linux/Mac: The /etc/catngcampath text file holds the CAM install location.
Workaround: The affected listening port can be disabled by creating or updating CAM's configuration file, CAM.CFG, with the following entry under the "*CONFIG" section:
*CONFIG cas_port=0
The CA Messaging Server must be recycled in order for this to take effect. We advise that products dependent upon CAM should be shutdown prior to recycling CAM. Once dependent products have been shutdown, CAM can be recycled with the following commands:
On Windows: camclose cam start
On NetWare: load camclose load cam start
Once CAM has been restarted, any CAM dependent products that were shutdown can be restarted.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form. URL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx
Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2007 CA. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003)
wj8DBQFGpqCHeSWR3+KUGYURAt6DAJ0YpnaiwrNfhhQlvdvL28LYxBYbZgCfRpKQ pNdOPBvd1/BVRF6Lo65uo2o= =7w0f -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200707-0544",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unicenter tng",
"scope": "eq",
"trust": 1.6,
"vendor": "ca",
"version": "2.2"
},
{
"model": "unicenter software delivery",
"scope": "eq",
"trust": 1.6,
"vendor": "ca",
"version": "4.0"
},
{
"model": "etrust admin",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "2.7"
},
{
"model": "unicenter service level management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.5"
},
{
"model": "unicenter tng",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2.2"
},
{
"model": "etrust admin",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "2.1"
},
{
"model": "cleverpath olap",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "5.1"
},
{
"model": "unicenter application performance monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "unicenter remote control",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "6.0"
},
{
"model": "cleverpath aion",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "10.0"
},
{
"model": "unicenter management",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "4.0"
},
{
"model": "unicenter asset management",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "4.0"
},
{
"model": "unicenter data transport option",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2.0"
},
{
"model": "etrust admin",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "2.4"
},
{
"model": "unicenter tng",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2.1"
},
{
"model": "unicenter management",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "5.0"
},
{
"model": "unicenter service level management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0.1"
},
{
"model": "unicenter network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.1"
},
{
"model": "unicenter tng",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2.4"
},
{
"model": "unicenter software delivery",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.1"
},
{
"model": "advantage data transport",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "cleverpath predictive analysis server",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "unicenter management",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "4.1"
},
{
"model": "brightstor san manager",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11.5"
},
{
"model": "unicenter service level management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0.2"
},
{
"model": "unicenter enterprise job manager",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "1.0"
},
{
"model": "unicenter application performance monitor",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.5"
},
{
"model": "unicenter service level management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "brightstor san manager",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11.1"
},
{
"model": "unicenter nsm wireless network management option",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "unicenter software delivery",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "4.0"
},
{
"model": "unicenter asset management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.1"
},
{
"model": "brightstor portal",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "11.1"
},
{
"model": "unicenter tng",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2.4.2"
},
{
"model": "unicenter asset management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.2"
},
{
"model": "etrust admin",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "2.9"
},
{
"model": "unicenter management",
"scope": "eq",
"trust": 1.0,
"vendor": "ca",
"version": "5.0.1"
},
{
"model": "cleverpath predictive analysis server",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "2.0"
},
{
"model": "unicenter network and systems management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "cleverpath ecm",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.5"
},
{
"model": "unicenter asset management",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "4.0"
},
{
"model": "unicenter software delivery",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "etrust admin",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8.1"
},
{
"model": "unicenter jasmine",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "3.0"
},
{
"model": "etrust admin",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "8.0"
},
{
"model": "brightstor portal",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "brightstor san manager",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "advantage data transport",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "cleverpath aion",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "cleverpath ecm",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "cleverpath olap",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "cleverpath predictive analysis server",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "etrust admin",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "unicenter application performance monitor",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "unicenter asset management",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "unicenter data transport option",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "unicenter enterprise job manager",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "unicenter jasmine",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "unicenter management",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "unicenter network and systems management",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "unicenter nsm wireless network management option",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "unicenter remote control",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "unicenter service level management",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "unicenter software delivery",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "unicenter tng",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "unicenter tng",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "2.4.2"
},
{
"model": "unicenter tng",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "2.1"
},
{
"model": "unicenter tng",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "2.4"
},
{
"model": "unicenter software delivery",
"scope": "eq",
"trust": 0.6,
"vendor": "ca",
"version": "3.1"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.4.2"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.4"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.2"
},
{
"model": "associates unicenter tng",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.1"
},
{
"model": "associates unicenter software delivery sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "4.0"
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "4.0"
},
{
"model": "associates unicenter software delivery sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates unicenter software delivery sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates unicenter software delivery",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates unicenter service level management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.5"
},
{
"model": "associates unicenter service level management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0.2"
},
{
"model": "associates unicenter service level management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0.1"
},
{
"model": "associates unicenter service level management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates unicenter remote control sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter remote control",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "6.0"
},
{
"model": "associates unicenter nsm wireless network management option",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates unicenter network and systems management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates unicenter management for websphere mq",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.5"
},
{
"model": "associates unicenter management for web servers",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "5.0.1"
},
{
"model": "associates unicenter management for web servers",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "5.0"
},
{
"model": "associates unicenter management for microsoft exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "4.1"
},
{
"model": "associates unicenter management for microsoft exchange",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "4.0"
},
{
"model": "associates unicenter management for lotus notes/domino",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "4.0"
},
{
"model": "associates unicenter jasmine",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates unicenter enterprise job manager sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter enterprise job manager sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "1.0"
},
{
"model": "associates unicenter data transport option",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.0"
},
{
"model": "associates unicenter asset management sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "4.0"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "4.0"
},
{
"model": "associates unicenter asset management sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.2"
},
{
"model": "associates unicenter asset management sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.2"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.2"
},
{
"model": "associates unicenter asset management",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.1"
},
{
"model": "associates unicenter application performance monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.5"
},
{
"model": "associates unicenter application performance monitor",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.0"
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.09"
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.07"
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.04"
},
{
"model": "associates etrust admin",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.01"
},
{
"model": "associates cleverpath predictive analysis server",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
},
{
"model": "associates cleverpath predictive analysis server",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2.0"
},
{
"model": "associates cleverpath olap",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "5.1"
},
{
"model": "associates cleverpath ecm",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.5"
},
{
"model": "associates cleverpath aion",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "10.0"
},
{
"model": "associates brightstor san manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.5"
},
{
"model": "associates brightstor san manager",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates brightstor portal",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "11.1"
},
{
"model": "associates advantage data transport",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "3.0"
}
],
"sources": [
{
"db": "BID",
"id": "25051"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001326"
},
{
"db": "NVD",
"id": "CVE-2007-0060"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-429"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:broadcom:brightstor_portal:11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:brightstor_san_manager:11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ca:etrust_admin:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ca:etrust_admin:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_asset_management:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:cleverpath_ecm:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:cleverpath_olap:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:etrust_admin:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:etrust_admin:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_asset_management:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ca:unicenter_asset_management:4.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_data_transport_option:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ca:unicenter_management:5.0:*:web_servers:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ca:unicenter_management:5.0.1:*:web_servers:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_service_level_management:3.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_service_level_management:3.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_tng:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_tng:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:brightstor_san_manager:11.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:cleverpath_aion:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ca:etrust_admin:2.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ca:etrust_admin:2.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_asset_management:3.2:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_asset_management:3.2:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ca:unicenter_management:4.0:*:microsoft_exchange:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ca:unicenter_management:4.1:*:microsoft_exchange:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_remote_control:6.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_service_level_management:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_software_delivery:3.1:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_software_delivery:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ca:unicenter_software_delivery:4.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_asset_management:3.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_jasmine:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ca:unicenter_management:4.0:*:lotus_notes_domino:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_nsm_wireless_network_management_option:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_remote_control:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_software_delivery:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_software_delivery:3.1:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_tng:2.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:advantage_data_transport:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:cleverpath_predictive_analysis_server:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:cleverpath_predictive_analysis_server:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_application_performance_monitor:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_application_performance_monitor:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ca:unicenter_enterprise_job_manager:1.0:sp1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ca:unicenter_enterprise_job_manager:1.0:sp2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_service_level_management:3.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_software_delivery:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:ca:unicenter_tng:2.2:*:*:ja:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:broadcom:unicenter_tng:2.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0060"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Paul Mehta",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-429"
}
],
"trust": 0.6
},
"cve": "CVE-2007-0060",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2007-0060",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-23422",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-0060",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200707-429",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-23422",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23422"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001326"
},
{
"db": "NVD",
"id": "CVE-2007-0060"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-429"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104. Multiple Computer Associates products are prone to a remote stack-based buffer-overflow vulnerability. This issue affects the Message Queuing (CAM/CAFT) component. The application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. \nA successful exploit will allow an attacker to execute arbitrary code with SYSTEM-level privileges. There is a buffer overflow vulnerability in the CAM service when processing malformed user requests. Remote attackers may use this vulnerability to control the server. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Full Featured Secunia Network Software Inspector (NSI) is now\navailable:\nhttp://secunia.com/network_software_inspector/\n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,000 different Windows applications. Please see\nthe vendor\u0027s advisory for more details. \n\nCAM (Windows):\nhttp://supportconnect.ca.com/sc/redir.jsp?reqPage=search\u0026searchID=QO89945\n\nCAM(Netware):\nhttp://supportconnect.ca.com/sc/redir.jsp?reqPage=search\u0026searchID=QO89943\n\nPROVIDED AND/OR DISCOVERED BY:\nIBM ISS X-Force\n\nORIGINAL ADVISORY:\nCA:\nhttp://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp\n\nIBM ISS X-Force:\nhttp://www.iss.net/threats/272.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \n\nMitigating Factors: None\n\nSeverity: CA has given this vulnerability a High risk rating. \ni.e. CAM versions 1.04, 1.05, 1.06, 1.07, 1.10 (prior to Build \n54_4) and 1.11 (prior to Build 54_4). \n\nAffected Products:\nAdvantage Data Transport 3.0\nBrightStor SAN Manager 11.1, 11.5\nBrightStor Portal 11.1\nCleverPath OLAP 5.1\nCleverPath ECM 3.5\nCleverPath Predictive Analysis Server 2.0, 3.0\nCleverPath Aion 10.0\neTrust Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1\nUnicenter Application Performance Monitor 3.0, 3.5\nUnicenter Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, \n 4.0 SP1\nUnicenter Data Transport Option 2.0\nUnicenter Enterprise Job Manager 1.0 SP1, 1.0 SP2\nUnicenter Jasmine 3.0\nUnicenter Management for WebSphere MQ 3.5\nUnicenter Management for Microsoft Exchange 4.0, 4.1\nUnicenter Management for Lotus Notes/Domino 4.0\nUnicenter Management for Web Servers 5, 5.0.1\nUnicenter NSM 3.0, 3.1\nUnicenter NSM Wireless Network Management Option 3.0\nUnicenter Remote Control 6.0, 6.0 SP1\nUnicenter Service Level Management 3.0, 3.0.1, 3.0.2, 3.5\nUnicenter Software Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, \n 4.0 SP1\nUnicenter TNG 2.1, 2.2, 2.4, 2.4.2\nUnicenter TNG JPN 2.2\n\nAffected Platforms:\nWindows and NetWare\n\nPlatforms NOT affected:\nAIX, AS/400, DG Intel, DG Motorola, DYNIX, HP-UX, IRIX, \nLinux Intel, Linux s/390, MVS, Open VMS, OS/2, OSF1, \nSolaris Intel, Solaris Sparc and UnixWare. \n\nStatus and Recommendation:\nCA has made patches available for all affected products. These \npatches are independent of the CA Software that installed CAM. \nSimply select the patch appropriate to the platform, and the \ninstalled version of CAM, and follow the patch application \ninstructions. You should also review the product home pages on \nSupportConnect for any additional product specific instructions. \n\nSolutions for CAM:\nPlatform Solution\nWindows QO89945\nNetWare QO89943\n\nHow to determine if you are affected:\n\nDetermining CAM versions:\nSimply running camstat will return the version information in the \ntop line of the output on any platform. The camstat command is \nlocated in the bin subfolder of the installation directory. \n\nThe example below indicates that CAM version 1.11 build 27 \nincrement 2 is running. \n\n E:\\\u003ecamstat\n CAM \u2013 machine.ca.com Version 1.11 (Build 27_2) up 0 days 1:16\n\nDetermining the CAM install directory:\n\nWindows: The install location is specified by the %CAI_MSQ% \n environment variable. \nUnix/Linux/Mac: The /etc/catngcampath text file holds the CAM \n install location. \n\nWorkaround:\nThe affected listening port can be disabled by creating or \nupdating CAM\u0027s configuration file, CAM.CFG, with the following \nentry under the \"*CONFIG\" section:\n\n *CONFIG\n cas_port=0\n\nThe CA Messaging Server must be recycled in order for this to take \neffect. We advise that products dependent upon CAM should be \nshutdown prior to recycling CAM. Once dependent products have \nbeen shutdown, CAM can be recycled with the following commands:\n\n On Windows:\n camclose\n cam start\n\n On NetWare:\n load camclose\n load cam start\n\nOnce CAM has been restarted, any CAM dependent products that were \nshutdown can be restarted. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your\nfindings to vuln AT ca DOT com, or utilize our \"Submit a \nVulnerability\" form. \nURL: http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2007 CA. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 9.5.3 (Build 5003)\n\nwj8DBQFGpqCHeSWR3+KUGYURAt6DAJ0YpnaiwrNfhhQlvdvL28LYxBYbZgCfRpKQ\npNdOPBvd1/BVRF6Lo65uo2o=\n=7w0f\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0060"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001326"
},
{
"db": "BID",
"id": "25051"
},
{
"db": "VULHUB",
"id": "VHN-23422"
},
{
"db": "PACKETSTORM",
"id": "58028"
},
{
"db": "PACKETSTORM",
"id": "58025"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-0060",
"trust": 2.9
},
{
"db": "BID",
"id": "25051",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "26190",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1018449",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2007-2638",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001326",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200707-429",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "58025",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-23422",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "58028",
"trust": 0.1
},
{
"db": "XF",
"id": "32234",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23422"
},
{
"db": "BID",
"id": "25051"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001326"
},
{
"db": "PACKETSTORM",
"id": "58028"
},
{
"db": "PACKETSTORM",
"id": "58025"
},
{
"db": "NVD",
"id": "CVE-2007-0060"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-429"
}
]
},
"id": "VAR-200707-0544",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-23422"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:46:46.358000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Security Notice for CA Message Queuing (CAM / CAFT) vulnerability",
"trust": 0.8,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=149849"
},
{
"title": "CA Repair Measures for Security Vulnerabilities of Message Queuing Server",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=146846"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001326"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-429"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-0060"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809"
},
{
"trust": 1.8,
"url": "http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp"
},
{
"trust": 1.8,
"url": "http://www.iss.net/threats/272.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/25051"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/474602/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1018449"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/26190"
},
{
"trust": 1.7,
"url": "http://www.vupen.com/english/advisories/2007/2638"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32234"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0060"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0060"
},
{
"trust": 0.4,
"url": "http://iss.net/threats/272.html"
},
{
"trust": 0.3,
"url": "http://www.ca.com"
},
{
"trust": 0.3,
"url": "/archive/1/474602"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5586/"
},
{
"trust": 0.1,
"url": "http://secunia.com/network_software_inspector/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5581/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5574/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5585/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5580/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5595/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5587/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5594/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5591/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5583/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5576/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1682/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5577/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5590/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5582/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo89943"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3206/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5596/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5588/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5584/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5578/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5579/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2622/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1683/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/26190/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/sc/redir.jsp?reqpage=search\u0026searchid=qo89945"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5589/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5592/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5593/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/5597/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/submit.aspx"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2007-0060"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=35527"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com."
},
{
"trust": 0.1,
"url": "http://osvdb.org/"
},
{
"trust": 0.1,
"url": "http://supportconnect.ca.com/"
},
{
"trust": 0.1,
"url": "http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-s"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "http://xforce.iss.net/xforce/xfdb/32234"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-23422"
},
{
"db": "BID",
"id": "25051"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001326"
},
{
"db": "PACKETSTORM",
"id": "58028"
},
{
"db": "PACKETSTORM",
"id": "58025"
},
{
"db": "NVD",
"id": "CVE-2007-0060"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-429"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-23422"
},
{
"db": "BID",
"id": "25051"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-001326"
},
{
"db": "PACKETSTORM",
"id": "58028"
},
{
"db": "PACKETSTORM",
"id": "58025"
},
{
"db": "NVD",
"id": "CVE-2007-0060"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-429"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-07-26T00:00:00",
"db": "VULHUB",
"id": "VHN-23422"
},
{
"date": "2007-07-24T00:00:00",
"db": "BID",
"id": "25051"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001326"
},
{
"date": "2007-07-26T04:26:32",
"db": "PACKETSTORM",
"id": "58028"
},
{
"date": "2007-07-25T04:52:10",
"db": "PACKETSTORM",
"id": "58025"
},
{
"date": "2007-07-26T00:30:00",
"db": "NVD",
"id": "CVE-2007-0060"
},
{
"date": "2007-07-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-429"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-16T00:00:00",
"db": "VULHUB",
"id": "VHN-23422"
},
{
"date": "2007-07-27T15:35:00",
"db": "BID",
"id": "25051"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-001326"
},
{
"date": "2021-04-14T15:46:28.003000",
"db": "NVD",
"id": "CVE-2007-0060"
},
{
"date": "2021-04-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200707-429"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "58025"
},
{
"db": "CNNVD",
"id": "CNNVD-200707-429"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural CA Used in products Message Queuing Server Vulnerable to stack-based buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-001326"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200707-429"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.