
CA struck by another security hole

by Nikola Strahija on August 24th, 2005

Computer Associates has warned customers that they are at risk from serious security flaws affecting a string of applications on several platforms.


CA warned about two flaws that could allow attackers to execute malicious code or commands on enterprise systems, as well as a third, less serious bug that could allow an attacker to crash a system.

The bugs affect CAM (CA Message Queuing), a component found in a large number of CA applications. Affected products include Advantage Data Transport, BrightStor Portal, CleverPath, eTrust Admin and Unicenter.

CA published patches for CAM v1.11 prior to build 29_13, CAM v1.07 prior to Build 220_13, and all versions of CAM v1.05. Links to the patches can be found on CA's website.
"CA strongly recommends the application of the appropriate patch," the company said in an advisory.

The most serious bug is a buffer overflow condition in the CA Message Queuing Server that can be exploited remotely to run arbitrary code with system privileges. The flaw was ranked as "critical" by FrSIRT, the organisation's most serious rating. Secunia, which maintains a vulnerabilities database, said the bug was only "moderately critical".

CA also warned of a bug in the CAFT application that could be exploited via specially crafted messages to execute arbitrary commands. The CAM messaging sub-component is also vulnerable to a denial-of-service bug.

CAM provides "store and forward" messaging for a number of applications. CAFT is a separate application supplied with CAM that works with CAM-enabled applications.

CA has suffered from several high-profile security glitches this year. In May, the company disclosed a serious security flaw in its anti-virus products, one of a series of security software products to be hit by such a vulnerability.

In March, malicious hackers released code exploiting a widespread vulnerability in CA software. The exploit code was created just two days after CA warned customers and issued a patch for security holes in its licence and management software, which is shipped with almost all CA products.

