CVE-2005-2669
CVSS 10.0
Published: 2005-08-23 00:00:00
Last modified: 2017-11-21 10:32:06

[Original] Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets.


[CNNVD] Computer Associates Message Queuing arbitrary code execution vulnerability (CNNVD-200508-223)

Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05 and 1.07 before Build 220_13, and 1.11 before Build 29_13, allow remote attackers to execute arbitrary commands via spoofed CAFT packets.

- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:ca:advantage_data_transport:3.0 Computer Associates Advantage Data Transport 3.0
cpe:/a:ca:adviseit:2.4 Computer Associates AdviseIT 2.4
cpe:/a:ca:brightstor_portal:11.1 Computer Associates BrightStor Portal 11.1
cpe:/a:ca:brightstor_san_manager:1.1 Computer Associates BrightStor SAN Manager 1.1
cpe:/a:ca:brightstor_san_manager:1.1:sp1 Computer Associates BrightStor SAN Manager 1.1 SP1
cpe:/a:ca:brightstor_san_manager:1.1:sp2 Computer Associates BrightStor SAN Manager 1.1 SP2
cpe:/a:ca:brightstor_san_manager:11.1 Computer Associates BrightStor SAN Manager 11.1
cpe:/a:ca:cleverpath_aion:10.0 Computer Associates CleverPath Aion 10.0
cpe:/a:ca:cleverpath_ecm:3.5 Computer Associates CleverPath ECM 3.5
cpe:/a:ca:cleverpath_olap:5.1 Computer Associates CleverPath OLAP 5.1
cpe:/a:ca:cleverpath_predictive_analysis_server:2.0 Computer Associates CleverPath Predictive Analysis Server 2.0
cpe:/a:ca:cleverpath_predictive_analysis_server:3.0 Computer Associates CleverPath Predictive Analysis Server 3.0
cpe:/a:ca:etrust_admin:2.1
cpe:/a:ca:etrust_admin:2.4
cpe:/a:ca:etrust_admin:2.7
cpe:/a:ca:etrust_admin:2.9
cpe:/a:ca:etrust_admin:8.0 Computer Associates eTrust Admin 8.0
cpe:/a:ca:etrust_admin:8.1 Computer Associates eTrust Admin 8.1
cpe:/a:ca:messaging:1.5 Computer Associates CAM 1.5
cpe:/a:ca:messaging:1.7 Computer Associates CAM 1.7
cpe:/a:ca:messaging:1.11 Computer Associates CAM 1.11
cpe:/a:ca:unicenter_application_performance_monitor:3.0 Computer Associates Unicenter Application Performance Monitor 3.0
cpe:/a:ca:unicenter_application_performance_monitor:3.5 Computer Associates Unicenter Application Performance Monitor 3.5
cpe:/a:ca:unicenter_asset_management:3.1 Computer Associates Unicenter Asset Management 3.1
cpe:/a:ca:unicenter_asset_management:3.2 Computer Associates Unicenter Asset Management 3.2
cpe:/a:ca:unicenter_asset_management:3.2:sp1 Computer Associates Unicenter Asset Management 3.2 SP1
cpe:/a:ca:unicenter_asset_management:3.2:sp2 Computer Associates Unicenter Asset Management 3.2 SP2
cpe:/a:ca:unicenter_asset_management:4.0 Computer Associates Unicenter Asset Management 4.0
cpe:/a:ca:unicenter_asset_management:4.0:sp1
cpe:/a:ca:unicenter_data_transport_option:2.0 Computer Associates Unicenter Data Transport Option 2.0
cpe:/a:ca:unicenter_enterprise_job_manager:1.0:sp1
cpe:/a:ca:unicenter_enterprise_job_manager:1.0:sp2
cpe:/a:ca:unicenter_jasmine:3.0 Computer Associates Unicenter Jasmine 3.0
cpe:/a:ca:unicenter_management:3.5::websphere_mq
cpe:/a:ca:unicenter_management:4.0::lotus_notes_domino
cpe:/a:ca:unicenter_management:4.0::microsoft_exchange
cpe:/a:ca:unicenter_management:4.1::microsoft_exchange
cpe:/a:ca:unicenter_management:5.0::web_servers
cpe:/a:ca:unicenter_management:5.0.1::web_servers
cpe:/a:ca:unicenter_management_portal:2.0 Computer Associates Unicenter Management Portal 2.0
cpe:/a:ca:unicenter_management_portal:3.1 Computer Associates Unicenter Management Portal 3.1
cpe:/a:ca:unicenter_network_and_systems_management:3.0 Computer Associates Unicenter Network and Systems Management 3.0
cpe:/a:ca:unicenter_network_and_systems_management:3.1 Computer Associates Unicenter Network and Systems Management 3.1
cpe:/a:ca:unicenter_nsm_wireless_network_management_option:3.0 Computer Associates Unicenter NSM Wireless Network Management Option 3.0
cpe:/a:ca:unicenter_performance_management:2.4:sp3:openvms Computer Associates Unicenter Performance Management for OpenVMS 2.4 SP3
cpe:/a:ca:unicenter_remote_control:6.0 Computer Associates Unicenter Remote Control 6.0
cpe:/a:ca:unicenter_remote_control:6.0:sp1 Computer Associates Unicenter Remote Control 6.0 SP1
cpe:/a:ca:unicenter_service_level_management:3.0 Computer Associates Unicenter Service Level Management 3.0
cpe:/a:ca:unicenter_service_level_management:3.0.1 Computer Associates Unicenter Service Level Management 3.0.1
cpe:/a:ca:unicenter_service_level_management:3.0.2 Computer Associates Unicenter Service Level Management 3.0.2
cpe:/a:ca:unicenter_service_level_management:3.5 Computer Associates Unicenter Service Level Management 3.5
cpe:/a:ca:unicenter_software_delivery:3.0 Computer Associates Unicenter Software Delivery 3.0
cpe:/a:ca:unicenter_software_delivery:3.1 Computer Associates Unicenter Software Delivery 3.1
cpe:/a:ca:unicenter_software_delivery:3.1:sp1 Computer Associates Unicenter Software Delivery 3.1 SP1
cpe:/a:ca:unicenter_software_delivery:3.1:sp2 Computer Associates Unicenter Software Delivery 3.1 SP2
cpe:/a:ca:unicenter_software_delivery:4.0 Computer Associates Unicenter Software Delivery 4.0
cpe:/a:ca:unicenter_software_delivery:4.0:sp1
cpe:/a:ca:unicenter_tng:2.1 Computer Associates Unicenter TNG 2.1
cpe:/a:ca:unicenter_tng:2.2 Computer Associates Unicenter TNG 2.2
cpe:/a:ca:unicenter_tng:2.2:::ja
cpe:/a:ca:unicenter_tng:2.4 Computer Associates Unicenter TNG 2.4
cpe:/a:ca:unicenter_tng:2.4.2 Computer Associates Unicenter TNG 2.4.2

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2669
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2669
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200508-223
(official data source) CNNVD

- Other links and resources

http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp
(VENDOR_ADVISORY)  CONFIRM  http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp
http://www.securityfocus.com/bid/14623
(VENDOR_ADVISORY)  BID  14623
http://www.vupen.com/english/advisories/2005/1482
(UNKNOWN)  VUPEN  ADV-2005-1482
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919
(VENDOR_ADVISORY)  MISC  http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919

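- Vulnerability information

Computer Associates Message Queuing arbitrary code execution vulnerability
Critical Other
2005-08-23 00:00:00 2005-10-20 00:00:00
Remote※Local
Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05 and 1.07 before Build 220_13, and 1.11 before Build 29_13, allow remote attackers to execute arbitrary commands via spoofed CAFT packets.

- Advisories and patches

        The vendor has released upgrade patches to fix this security issue. Patch download links: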
        Computer Associates CAM 1.11
        Computer Associates CAM 1.11 Build 29_13
        http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_cam111fixes.asp
        Computer Associates CAM 1.07
        Computer Associates CAM 1.07 Build 220_13
        http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_cam107fixes.asp
        Computer Associates CAM 1.05
        Computer Associates CAM 1.07 Build 220_13
        http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_cam107fixes.asp

- Vulnerability information

18917
CA Multiple Products Message Queuing Spoofed CAFT Request Arbitrary Command Execution

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-08-22 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Computer Associates Message Queuing CAFT Spoofing Vulnerability
Origin Validation Error 14623
Yes Yes
2005-08-22 12:00:00 2009-07-12 05:06:00
The discoverer of this issue is currently unknown. The vendor disclosed this issue.

- Affected software versions

Computer Associates Unicenter TNG JPN 2.2
Computer Associates Unicenter TNG 2.4.2
Computer Associates Unicenter TNG 2.4
Computer Associates Unicenter TNG 2.2
Computer Associates Unicenter TNG 2.1
Computer Associates Unicenter Software Delivery 4.0 SP1
Computer Associates Unicenter Software Delivery 4.0
Computer Associates Unicenter Software Delivery 3.1 SP2
Computer Associates Unicenter Software Delivery 3.1 SP1
Computer Associates Unicenter Software Delivery 3.1
Computer Associates Unicenter Software Delivery 3.0
Computer Associates Unicenter Service Level Management 3.5
Computer Associates Unicenter Service Level Management 3.0.2
Computer Associates Unicenter Service Level Management 3.0.1
Computer Associates Unicenter Service Level Management 3.0
Computer Associates Unicenter Remote Control 6.0 SP1
Computer Associates Unicenter Remote Control 6.0
Computer Associates Unicenter Performance Management for OpenVMS 2.4 SP3
Computer Associates Unicenter NSM Wireless Network Management Option 3.0
Computer Associates Unicenter Network and Systems Management 3.1
Computer Associates Unicenter Network and Systems Management 3.0
Computer Associates Unicenter Management Portal 3.1
Computer Associates Unicenter Management Portal 2.0
Computer Associates Unicenter Management for WebSphere MQ 3.5
Computer Associates Unicenter Management for Web Servers 5.0.1
Computer Associates Unicenter Management for Web Servers 5.0
Computer Associates Unicenter Management for Microsoft Exchange 4.1
Computer Associates Unicenter Management for Microsoft Exchange 4.0
Computer Associates Unicenter Management for Lotus Notes/Domino 4.0
Computer Associates Unicenter Jasmine 3.0
Computer Associates Unicenter Enterprise Job Manager 1.0 SP2
Computer Associates Unicenter Enterprise Job Manager 1.0 SP1
Computer Associates Unicenter Data Transport Option 2.0
Computer Associates Unicenter Asset Management 4.0 SP1
Computer Associates Unicenter Asset Management 4.0
Computer Associates Unicenter Asset Management 3.2 SP2
Computer Associates Unicenter Asset Management 3.2 SP1
Computer Associates Unicenter Asset Management 3.2
Computer Associates Unicenter Asset Management 3.1
Computer Associates Unicenter Application Performance Monitor 3.5
Computer Associates Unicenter Application Performance Monitor 3.0
Computer Associates eTrust Admin 8.1
Computer Associates eTrust Admin 8.0
Computer Associates eTrust Admin 2.9
Computer Associates eTrust Admin 2.7
Computer Associates eTrust Admin 2.4
Computer Associates eTrust Admin 2.1
Computer Associates CleverPath Predictive Analysis Server 3.0
Computer Associates CleverPath Predictive Analysis Server 2.0
Computer Associates CleverPath OLAP 5.1
Computer Associates CleverPath ECM 3.5
Computer Associates CleverPath Aion 10.0
Computer Associates CAM 1.11
Computer Associates CAM 1.07
Computer Associates CAM 1.05
Computer Associates BrightStor SAN Manager 11.1
Computer Associates BrightStor SAN Manager 1.1 SP2
Computer Associates BrightStor SAN Manager 1.1 SP1
Computer Associates BrightStor SAN Manager 1.1
Computer Associates BrightStor Portal 11.1
Computer Associates AdviseIT 2.4
Computer Associates Advantage Data Transport 3.0

- Unaffected software versions

Computer Associates CAM 1.11 Build 29_13
Computer Associates CAM 1.07 Build 220_13

- Vulnerability discussion

CAM is prone to a vulnerability that could permit the spoofing of a CAFT application utilizing the CAM instance. This may ultimately allow the execution of arbitrary commands.

CAFT is a file transfer application that utilizes CAM to send and receive the files. The problem presents itself due to a failure in the CAM service to verify the legitimacy of the CAFT application. An attacker can spoof a legitimate CAFT instance and ultimately execute arbitrary CAM commands with elevated privileges.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has released an update addressing this and other issues:


Computer Associates CAM 1.11

Computer Associates CAM 1.07

Computer Associates CAM 1.05

- Related references

 

 
