Overview
Computer Associates Message Queuing software contains buffer overflow conditions, which may allow a remote attacker to execute arbitrary code with elevated privileges.
Description
Computer Associates Message Queuing (CAM / CAFT) is a software component that provides messaging services. CAM provides a "store and forward" messaging framework for applications, and CAFT is an application that utilizes CAM for file transfers. Multiple Computer Associates applications use CAM / CAFT for their messaging requirements. According to the Computer Associates SupportConnect document, the following applications use CAM / CAFT: AdviseIT 2.4 |
Impact
A remote attacker may be able to execute arbitrary code on the CAM / CAFT system with elevated privileges. |
Solution
Upgrade or patch |
Vendor Information
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
References
- http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp
- http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_faqs.asp
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919
- http://secunia.com/advisories/16513/
- http://www.securityfocus.com/bid/14622
- http://osvdb.org/displayvuln.php?osvdb_id=18916
- http://securitytracker.com/alerts/2005/Aug/1014775.html
- http://securitytracker.com/alerts/2005/Aug/1014774.html
- http://securitytracker.com/alerts/2005/Aug/1014773.html
- http://securitytracker.com/alerts/2005/Aug/1014772.html
- http://securitytracker.com/alerts/2005/Aug/1014771.html
- http://securitytracker.com/alerts/2005/Aug/1014770.html
- http://securitytracker.com/alerts/2005/Aug/1014769.html
- http://securitytracker.com/alerts/2005/Aug/1014768.html
- http://securitytracker.com/alerts/2005/Aug/1014767.html
- http://securitytracker.com/alerts/2005/Aug/1014766.html
- http://securitytracker.com/alerts/2005/Aug/1014765.html
- http://securitytracker.com/alerts/2005/Aug/1014764.html
- http://securitytracker.com/alerts/2005/Aug/1014763.html
- http://securitytracker.com/alerts/2005/Aug/1014761.html
- http://securitytracker.com/alerts/2005/Aug/1014760.html
- http://securitytracker.com/alerts/2005/Aug/1014756.html
- http://www.securityfocus.com/bid/14623
Acknowledgements
Thanks to Computer Associates for reporting this vulnerability.
This document was written by Will Dormann.
Other Information
CVE IDs: | CVE-2005-2668 |
Severity Metric: | 13.13 |
Date Public: | 2005-08-19 |
Date First Published: | 2005-08-23 |
Date Last Updated: | 2005-10-21 13:41 UTC |
Document Revision: | 22 |