August 2005
CA - Patches Are Now Available To Address CA Message Queuing Vulnerabilities
ID: 00715
Ref: 672/05
Date: 22 August 2005:16:37:10
Version: 1
Title: CA - Patches Are Now Available To Address CA Message Queuing Vulnerabilities
Abstract: Computer Associates have issued a security notice that includes fixes for several vulnerabilities in the CA Message Queuing software.
Vendors affected: Computer Associates
Applications affected: Computer Associates
Title
=====
CA - Patches Are Now Available To Address CA Message Queuing Vulnerabilities
Detail
======
Computer Associates have issued a security notice that includes fixes for
several vulnerabilities in the CA Message Queuing software.
The following are extracts from the notice:
"The CA Customer Support team has recently become aware of several vulnerability issues
in the CA Message Queuing (CAM / CAFT) software:
* The CAM TCP port is potentially vulnerable to a Denial of Service (DoS) attack.
* Buffer overflow conditions can potentially allow arbitrary code to be executed
remotely with elevated privileges.
* Potential to launch a spoof CAFT and allow arbitrary commands to be executed with
elevated privileges."
"This affects all versions of the CA Message Queuing software prior to v1.07 Build 220_13
and v1.11 Build 29_13 on the specified platforms."
The security notice can be viewed at the following URL:
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp