Follow @discotekdotca
CVE-2007-0060
Current Description
Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.
Basic Data
| Published | July 26, 2007 |
|---|---|
| Last Modified | October 16, 2018 |
| Assigner | cve@mitre.org |
| Data Type | CVE |
| Data Format | MITRE |
| Data Version | 4.0 |
| Problem Type | NVD-CWE-Other |
| CVE Data Version | 4.0 |
Base Metric V2
| CVSS 2 - Version | 2.0 |
|---|---|
| CVSS 2 - Vector String | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| CVSS 2 - Access Vector | NETWORK |
| CVSS 2 - Access Complexity | MEDIUM |
| CVSS 2 - Authentication | NONE |
| CVSS 2 - Confidentiality Impact | COMPLETE |
| CVSS 2 - Availability Impact | COMPLETE |
| CVSS 2 - Base Score | 9.3 |
| Severity | HIGH |
| Exploitability Score | 8.6 |
| Impact Score | 10.0 |
| Obtain All Privilege | true |
| Obtain User Privilege | false |
| Obtain Other Privilege | false |
Base Metric V3
No data provided.
Configurations
-
OR - Configuration 1
Cpe Version Part Vendor Product Version Update Edition Language SW Edition Target SW Target HW Other Version Start Including Version End Including Version Start Excluding Version End Excluding 2.3 Application Ca Advantage Data Transport 3.0 * * * * * * * � � � � 2.3 Application Ca Brightstor Portal 11.1 * * * * * * * � � � � 2.3 Application Ca Brightstor San Manager 11.1 * * * * * * * � � � � 2.3 Application Ca Brightstor San Manager 11.5 * * * * * * * � � � � 2.3 Application Ca Cleverpath Aion 10.0 * * * * * * * � � � � 2.3 Application Ca Cleverpath Ecm 3.5 * * * * * * * � � � � 2.3 Application Ca Cleverpath Olap 5.1 * * * * * * * � � � � 2.3 Application Ca Cleverpath Predictive Analysis Server 2.0 * * * * * * * � � � � 2.3 Application Ca Cleverpath Predictive Analysis Server 3.0 * * * * * * * � � � � 2.3 Application Ca Etrust Admin 2.1 * * * * * * * � � � � 2.3 Application Ca Etrust Admin 2.4 * * * * * * * � � � � 2.3 Application Ca Etrust Admin 2.7 * * * * * * * � � � � 2.3 Application Ca Etrust Admin 2.9 * * * * * * * � � � � 2.3 Application Ca Etrust Admin 8.0 * * * * * * * � � � � 2.3 Application Ca Etrust Admin 8.1 * * * * * * * � � � � 2.3 Application Ca Unicenter Application Performance Monitor 3.0 * * * * * * * � � � � 2.3 Application Ca Unicenter Application Performance Monitor 3.5 * * * * * * * � � � � 2.3 Application Ca Unicenter Asset Management 3.1 * * * * * * * � � � � 2.3 Application Ca Unicenter Asset Management 3.2 * * * * * * * � � � � 2.3 Application Ca Unicenter Asset Management 3.2 sp1 * * * * * * � � � � 2.3 Application Ca Unicenter Asset Management 3.2 sp2 * * * * * * � � � � 2.3 Application Ca Unicenter Asset Management 4.0 * * * * * * * � � � � 2.3 Application Ca Unicenter Asset Management 4.0 sp1 * * * * * * � � � � 2.3 Application Ca Unicenter Data Transport Option 2.0 * * * * * * * � � � � 2.3 Application Ca Unicenter Enterprise Job Manager 1.0 sp1 * * * * * * � � � � 2.3 Application Ca Unicenter Enterprise Job Manager 1.0 sp2 * * * * * * � � � � 2.3 Application Ca Unicenter Jasmine 3.0 * * * * * * * � � � � 2.3 Application Ca Unicenter Management 4.0 * lotus_notes_domino * * * * * � � � � 2.3 Application Ca Unicenter Management 4.0 * microsoft_exchange * * * * * � � � � 2.3 Application Ca Unicenter Management 4.1 * microsoft_exchange * * * * * � � � � 2.3 Application Ca Unicenter Management 5.0 * web_servers * * * * * � � � � 2.3 Application Ca Unicenter Management 5.0.1 * web_servers * * * * * � � � � 2.3 Application Ca Unicenter Network And Systems Management 3.0 * * * * * * * � � � � 2.3 Application Ca Unicenter Network And Systems Management 3.1 * * * * * * * � � � � 2.3 Application Ca Unicenter Nsm Wireless Network Management Option 3.0 * * * * * * * � � � � 2.3 Application Ca Unicenter Remote Control 6.0 * * * * * * * � � � � 2.3 Application Ca Unicenter Remote Control 6.0 sp1 * * * * * * � � � � 2.3 Application Ca Unicenter Service Level Management 3.0 * * * * * * * � � � � 2.3 Application Ca Unicenter Service Level Management 3.0.1 * * * * * * * � � � � 2.3 Application Ca Unicenter Service Level Management 3.0.2 * * * * * * * � � � � 2.3 Application Ca Unicenter Service Level Management 3.5 * * * * * * * � � � � 2.3 Application Ca Unicenter Software Delivery 3.0 * * * * * * * � � � � 2.3 Application Ca Unicenter Software Delivery 3.1 * * * * * * * � � � � 2.3 Application Ca Unicenter Software Delivery 3.1 sp1 * * * * * * � � � � 2.3 Application Ca Unicenter Software Delivery 3.1 sp2 * * * * * * � � � � 2.3 Application Ca Unicenter Software Delivery 4.0 * * * * * * * � � � � 2.3 Application Ca Unicenter Software Delivery 4.0 sp1 * * * * * * � � � � 2.3 Application Ca Unicenter Tng 2.1 * * * * * * * � � � � 2.3 Application Ca Unicenter Tng 2.2 * * * * * * * � � � � 2.3 Application Ca Unicenter Tng 2.2 * * ja * * * * � � � � 2.3 Application Ca Unicenter Tng 2.4 * * * * * * * � � � � 2.3 Application Ca Unicenter Tng 2.4.2 * * * * * * * � � � �
Vulnerable Software List
| Vendor | Product | Versions |
|---|---|---|
| Ca | Unicenter Remote Control | 6.0 |
| Ca | Brightstor Portal | 11.1 |
| Ca | Brightstor San Manager | 11.1, 11.5 |
| Ca | Cleverpath Ecm | 3.5 |
| Ca | Cleverpath Olap | 5.1 |
| Ca | Cleverpath Predictive Analysis Server | 2.0, 3.0 |
| Ca | Etrust Admin | 2.1, 2.4, 2.7, 2.9, 8.0, 8.1 |
| Ca | Unicenter Application Performance Monitor | 3.0, 3.5 |
| Ca | Unicenter Data Transport Option | 2.0 |
| Ca | Unicenter Enterprise Job Manager | 1.0 |
| Ca | Unicenter Jasmine | 3.0 |
| Ca | Unicenter Management | 4.0, 4.1, 5.0, 5.0.1 |
| Ca | Unicenter Tng | 2.1, 2.2, 2.4, 2.4.2 |
| Ca | Unicenter Service Level Management | 3.0, 3.0.1, 3.0.2, 3.5 |
| Ca | Unicenter Network And Systems Management | 3.0, 3.1 |
| Ca | Unicenter Software Delivery | 3.0, 3.1, 4.0 |
| Ca | Cleverpath Aion | 10.0 |
| Ca | Unicenter Nsm Wireless Network Management Option | 3.0 |
| Ca | Unicenter Asset Management | 3.1, 3.2, 4.0 |
| Ca | Advantage Data Transport | 3.0 |
References
| Name | Source | URL | Tags |
|---|---|---|---|
| 26190 | http://secunia.com/advisories/26190 | SECUNIA | Third Party Advisory |
| http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp | http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp | CONFIRM | Vendor Advisory |
| http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809 | http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809 | CONFIRM | Vendor Advisory |
| 20070724 CA Message Queuing Server (Cam.exe) Overflow | http://www.iss.net/threats/272.html | ISS | Broken Link |
| 20070725 [CAID 35527]: CA Message Queuing (CAM / CAFT) Buffer Overflow Vulnerability | http://www.securityfocus.com/archive/1/474602/100/0/threaded | BUGTRAQ | |
| 25051 | http://www.securityfocus.com/bid/25051 | BID | Third Party Advisory VDB Entry |
| 1018449 | http://www.securitytracker.com/id?1018449 | SECTRACK | Third Party Advisory VDB Entry |
| ADV-2007-2638 | http://www.vupen.com/english/advisories/2007/2638 | VUPEN | Third Party Advisory |
| systems-management-bo(32234) | https://exchange.xforce.ibmcloud.com/vulnerabilities/32234 | XF | Third Party Advisory VDB Entry |