CVE-2007-0060

Severity

93%

Complexity

86%

Confidentiality

165%

Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.

Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.

CVSS 2.0 Base Score 9.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C).

Overview

Type

Computer Associates

First reported 17 years ago

2007-07-26 00:30:00

Last updated 6 years ago

2018-10-16 16:30:00

Affected Software

Computer Associates Advantage Data Transport 3.0

3.0

Computer Associates BrightStor Portal 11.1

11.1

Computer Associates BrightStor SAN Manager 11.1

11.1

Computer Associates BrightStor SAN Manager 11.5

11.5

Computer Associates CleverPath Aion 10.0

10.0

Computer Associates CleverPath ECM 3.5

3.5

Computer Associates CleverPath OLAP 5.1

5.1

Computer Associates CleverPath Predictive Analysis Server 2.0

2.0

Computer Associates CleverPath Predictive Analysis Server 3.0

3.0

Computer Associates eTrust Admin 8.0

8.0

Computer Associates eTrust Admin 8.1

8.1

Computer Associates Unicenter Application Performance Monitor 3.0

3.0

Computer Associates Unicenter Application Performance Monitor 3.5

3.5

Computer Associates Unicenter Asset Management 3.1

3.1

Computer Associates Unicenter Asset Management 3.2

3.2

Computer Associates Unicenter Asset Management 3.2 SP1

3.2

Computer Associates Unicenter Asset Management 3.2 SP2

3.2

Computer Associates Unicenter Asset Management 4.0

4.0

Computer Associates Unicenter Data Transport Option 2.0

2.0

Computer Associates Unicenter Jasmine 3.0

3.0

Computer Associates Unicenter Network and Systems Management 3.0

3.0

Computer Associates Unicenter Network and Systems Management 3.1

3.1

Computer Associates Unicenter NSM Wireless Network Management Option 3.0

3.0

Computer Associates Unicenter Remote Control 6.0

6.0

Computer Associates Unicenter Remote Control 6.0 SP1

6.0

Computer Associates Unicenter Service Level Management 3.0

3.0

Computer Associates Unicenter Service Level Management 3.0.1

3.0.1

Computer Associates Unicenter Service Level Management 3.0.2

3.0.2

Computer Associates Unicenter Service Level Management 3.5

3.5

Computer Associates Unicenter Software Delivery 3.0

3.0

Computer Associates Unicenter Software Delivery 3.1

3.1

Computer Associates Unicenter Software Delivery 3.1 SP1

3.1

Computer Associates Unicenter Software Delivery 3.1 SP2

3.1

Computer Associates Unicenter Software Delivery 4.0

4.0

Computer Associates Unicenter TNG 2.1

2.1

Computer Associates Unicenter TNG 2.2

2.2

Computer Associates Unicenter TNG 2.4

2.4

Computer Associates Unicenter TNG 2.4.2

2.4.2

References

26190

Third Party Advisory

http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp

Vendor Advisory

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809

Vendor Advisory

20070724 CA Message Queuing Server (Cam.exe) Overflow

Broken Link

20070725 [CAID 35527]: CA Message Queuing (CAM / CAFT) Buffer Overflow Vulnerability

25051

Third Party Advisory, VDB Entry

1018449

Third Party Advisory, VDB Entry

ADV-2007-2638

Third Party Advisory

systems-management-bo(32234)

Third Party Advisory, VDB Entry

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.