CVE-2007-0060

Current Description

Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.

Basic Data

Published: July 26, 2007
Last Modified: October 16, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: MEDIUM
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 9.3
Severity: HIGH
Exploitability Score: 8.6
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
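    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Ca | Advantage Data Transport | 3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Brightstor Portal | 11.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Brightstor San Manager | 11.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Brightstor San Manager | 11.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Cleverpath Aion | 10.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Cleverpath Ecm | 3.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Cleverpath Olap | 5.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Cleverpath Predictive Analysis Server | 2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Cleverpath Predictive Analysis Server | 3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Etrust Admin | 2.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Etrust Admin | 2.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Etrust Admin | 2.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Etrust Admin | 2.9 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Etrust Admin | 8.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Etrust Admin | 8.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Application Performance Monitor | 3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Application Performance Monitor | 3.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Asset Management | 3.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Asset Management | 3.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Asset Management | 3.2 | sp1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Asset Management | 3.2 | sp2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Asset Management | 4.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Asset Management | 4.0 | sp1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Data Transport Option | 2.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Enterprise Job Manager | 1.0 | sp1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Enterprise Job Manager | 1.0 | sp2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Jasmine | 3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Management | 4.0 | * | lotus_notes_domino | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Management | 4.0 | * | microsoft_exchange | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Management | 4.1 | * | microsoft_exchange | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Management | 5.0 | * | web_servers | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Management | 5.0.1 | * | web_servers | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Network And Systems Management | 3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Network And Systems Management | 3.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Nsm Wireless Network Management Option | 3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Remote Control | 6.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Remote Control | 6.0 | sp1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Service Level Management | 3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Service Level Management | 3.0.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Service Level Management | 3.0.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Service Level Management | 3.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Software Delivery | 3.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Software Delivery | 3.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Software Delivery | 3.1 | sp1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Software Delivery | 3.1 | sp2 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Software Delivery | 4.0 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Software Delivery | 4.0 | sp1 | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Tng | 2.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Tng | 2.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Tng | 2.2 | * | * | ja | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Tng | 2.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Ca | Unicenter Tng | 2.4.2 | * | * | * | * | * | * | * | | | | |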

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Ca | Unicenter Remote Control | 6.0 |
| Ca | Brightstor Portal | 11.1 |
| Ca | Brightstor San Manager | 11.1, 11.5 |
| Ca | Cleverpath Ecm | 3.5 |
| Ca | Cleverpath Olap | 5.1 |
| Ca | Cleverpath Predictive Analysis Server | 2.0, 3.0 |
| Ca | Etrust Admin | 2.1, 2.4, 2.7, 2.9, 8.0, 8.1 |
| Ca | Unicenter Application Performance Monitor | 3.0, 3.5 |
| Ca | Unicenter Data Transport Option | 2.0 |
| Ca | Unicenter Enterprise Job Manager | 1.0 |
| Ca | Unicenter Jasmine | 3.0 |
| Ca | Unicenter Management | 4.0, 4.1, 5.0, 5.0.1 |
| Ca | Unicenter Tng | 2.1, 2.2, 2.4, 2.4.2 |
| Ca | Unicenter Service Level Management | 3.0, 3.0.1, 3.0.2, 3.5 |
| Ca | Unicenter Network And Systems Management | 3.0, 3.1 |
| Ca | Unicenter Software Delivery | 3.0, 3.1, 4.0 |
| Ca | Cleverpath Aion | 10.0 |
| Ca | Unicenter Nsm Wireless Network Management Option | 3.0 |
| Ca | Unicenter Asset Management | 3.1, 3.2, 4.0 |
| Ca | Advantage Data Transport | 3.0 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| 26190 | SECUNIA | http://secunia.com/advisories/26190 | Third Party Advisory |
| http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp | CONFIRM | http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp | Vendor Advisory |
| http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809 | CONFIRM | http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809 | Vendor Advisory |
| 20070724 CA Message Queuing Server (Cam.exe) Overflow | ISS | http://www.iss.net/threats/272.html | Broken Link |
| 20070725 [CAID 35527]: CA Message Queuing (CAM / CAFT) Buffer Overflow Vulnerability | BUGTRAQ | http://www.securityfocus.com/archive/1/474602/100/0/threaded | |
| 25051 | BID | http://www.securityfocus.com/bid/25051 | Third Party Advisory, VDB Entry |
| 1018449 | SECTRACK | http://www.securitytracker.com/id?1018449 | Third Party Advisory, VDB Entry |
| ADV-2007-2638 | VUPEN | http://www.vupen.com/english/advisories/2007/2638 | Third Party Advisory |
| systems-management-bo(32234) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/32234 | Third Party Advisory, VDB Entry |