Network Security & Hardware - eWeek


Battery 500 Project Charged Up over All-Electric Cars
Charting the Final Frontier--Google Maps for Indoors
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


CA Plugs Message-Queuing Buffer Overflows



 By: Ryan Naraine
2005-08-22
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
The software vendor releases patches for "moderately critical" denial-of-service and system access vulnerabilities.

Security flaws in CAs Message Queuing software could put users at risk of denial-of-service and system access attacks, the company warned in an advisory.

The Islandia, N.Y.-based software vendor flagged the vulnerabilities in all versions of the CAM (CA Message Queuing) software prior to v1.07 Build 220_13 and v1.11 Build 29_13 on multiple platforms.

In an alert posted online, Computer Associates International Inc. warned that the flaw opens the CAM TCP port to potential denial-of-service attacks.

Resource Library:
In addition, CA said boundary errors in the affected software can be exploited to cause buffer overflows by sending specially crafted packets to the service.

Read more here about security holes in CA products.

Security alerts aggregator Secunia Inc. rated the bugs as "moderately critical" and warned that an attacker could successfully exploit the boundary errors to launch arbitrary code.

A third vulnerability was also patched to block a possible attack vector in which a spoofed CAFT (a CA application) could be launched to allow the execution of arbitrary commands with elevated privileges.

Computer Associates acquires Qurb, an anti-spam vendor. Click here to read more.

CAM is a messaging subcomponent which provides a "store and forward" messaging framework for applications. A number of CA applications use CAM for messaging requirements. CAFT, supplied with CAM, is an application that utilizes CAM for file transfers. CAFT is driven by messages it receives from CAM-enabled applications.

Software patches for the vulnerabilities can be found in this advisory.

Affected products include several versions of CA Advantage Data Transport, CA BrightStor Portal, CA CleverPath, CA eTrust Admin and CA Unicenter.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.



  Reader Comments: CA Plugs Message-Queuing Buffer Overflows
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Ryan Naraine
 


x}r6*(3EW#Mɖ<Ʋf:U*$%)_/:/qtMJ%33N& 4Fw?HpiOH-JghSãw&$]!ZNUFԫ1enG]̉] ׫Gx%R{'wx;`KQ{QueɔiPلQ͙ۗ>m^~b .pѲGgb ^Qk$Ё#Ek9JGDqERGGEQ>߱1 [tf;v oTYN83q{f/De_XHQIb&[Bq<5n;7W;zV~;B [&QVLߵ#2pj9:dF`VF1`:xtDzf@ ɠâq/!꟔Cp`ÅzSK<{eP=N ]htVu ̿yk׳*CݸxgD-"GlR =q!Fp<=0;zt\a[dYGf42ۼMٰn5T:Ԫr\ˇJ~/M{iL7o8Fu/ jvz `h-vdu]+h0u=;yXm  @'VbDT)Jj\(ϒDC{ajLmhq5 { PT㕒~T7jJxXX+(H.c#I-Lcv=ӧH0CВƌ^8rrn򳩥uo]_]{-o\[gH>߈ekby1=b Jg3Fz3 7g͛Ke{#gkl}jzH GlHG#P\68cUϯq\߃-mz fl U 4}GVK{C{|"J]}q, ߱f\S;Gk_[Qzxxkc"XӔ#R‡ t$ϹyW˝5>Hr Vˡ8ȟ$Wi8@rX=ذ 6,%̛ hJ@{d$e $=hI,E]!fdLK$o# i `Q%u '#8U$Ju}3p@egɇfeY%YWaG"G=-*<ǞZV.>uZ^C 8%gk, ]ezbc\\ԷWJ0V gz\ʡ1q+-~~:bLm41,LX[A^݇`6A!0h vz?3ȜjCݶ_CGstDAG6V^lzK tcj>'ݨ7X8=c_v/}T1>| ZN;=H:P7ZЉχ@%'CMߟu#08w ɝ 5yPͻCiy1&բ!Tfg,ze= } v,߃9#*馥M T<ģA }p ]|'s\( 7^ h{"G4.'P(BHP!9 99y0#!bTLj'9Tv{B#™8Tz(QύgR1b -xkb$d6g2KIMiG0V-&D7r"eL/G7Mᙚ6Z=okVy y=ơsyj尤vQ#U^?uw2MҶǞ}2`M?bf'c~Xz poǦaB?1aѺ)M=--j|ۇ)}آ&5m}f0&[l6g{ΌA Df_ 3kr ww,_zt?8GcNEi菚^r_o2ES|(7n2g/h|+UPƒa"`,+$2[mĞ7(Vf9NrB@S*𯜲,pH@&mпdz?Gw LRd0uf6NI :3XhhO͡vP;24D֒f]X]ۼh@r6ҁviXZ @-Ŀei --X5QW0T: 4)i ŠaYlcy1Cuz ^Iä7uдہcc 96:qoaQ54) Kˌ7q~4EkaZ,<>ph"@7wFRZ'a+\Z`OSj9(Ezu@nzc; ?۠3ǿGRBmC48c$4)>E XXfThjUVL . of ǂ %K ޣЁUraX3ŅebiQ;k-)eC_Hq6Ϯ[-V P(pD30ڠMi=COw]1W=fɰ\R 1 VD ȸau-CaP,<<+h0ց 0 NDbBU.(L0:Jr2b,[TB$f4߂Ēha1:G5Z_{=n2dBT^ej<{LRT j%FZYUKZTp" :?cTFQH.5g<ꗧ8}ό95F>+zCG>3@Y >{Vv0eE@=&%OMp2HU>Cy`/cԧ8PȺU0UESU[+[3؝?FMC\4!|}oS5 pf nUQ=KjJvg `\練~51t]ߘ4`N>ML laƵbR3zy+(U|ly5"QrMuY ;FU4*H!I?랪Q Qռi0TBE-) Bo6 ZmF /7Ÿ ޜbt[ i|դ|X+Gs;Ÿʌg b|r}q6'F{Ȉ4G eWԄƸ4;aʿͭGXLh;6!ڤiH@mXJƭj`.ӪV$,< (<d=ثpM\&eM}J{7<  ~οݚr@|PHΝrQӊ 5`JR'0阣3t@ 2ɢ\'WeR8pLg( ,$$%l,rޏ۷mpHiB?#*S7x~.YSHC+#I xJ8 ӄA*o[/I6"WAxa{I62h$K~Ϻ}i_|>?#8q~_8UGAQA^-{Z\.0MC~ڗ?HݏMi|hc0.[-j2i&A*$p]2|̦Wf}AeXoo~py# sGdG"'~p:Kni{OeKJ:^;jdG, Y#tB^ǧ5vpR`^Qc 5^3l&zik:R_KٺĂ> n՜$"jsMN3$n ʆq)ې}oE19_aݪ,$".&Wtv̝yE9{B*l.i9 C[ `E+Щ #A_RJI$Q#=)#ķf{D '0_/Е[L㷜oWȘID_q+5sz4~&s\1Z9nl"݋B2'V8/=19ڏIE/CqM\qu zsDhDRB9kũ-ޱekOCY(^Hc˹? [6@I5=JPn'i.sK7tKb/ȔbJ4:evޞ,Hq=Yn@ybXýK3/Bvuc!sTgKe  KQk i") -;|C?ORB[LHuT䵤 g[YgUHN~OJ>ʼnl0`$09ϫb~M4zxXtwfu@ڶ'c'<;^bG8ʬS#aZ u + ׅFfo՗W3kd{R̴jПd#g6v1C]rEuM I W=F*=G7o6 2#|gnR3-Ӈ|ǐϣK~=ϸ2]a2w}ʷ>K-T#EkFwWYK 㔏"I'%=ڮ-=اkiXdbQQWفg2~1_kO}re'ћ`!3ȑ&+Ӡ9MH.6 * v<.߭[8)<A~A< v4*);7y8Z=[42UCnuk-Ǵ§u,'iƿ_Wc+ޙU>9d84.H@JbOUL4gxBUj<ŸwwGA/tLVx+E"KC|EܤOʽ4ss2b$91-0xSo4/;˒YD&16wm\YPg0OesT-XQq]qiޛO&ё;3 ,VP(>ƉNR =,F?ÏԂ ,ʰAs^;c -eb9 & +6K#1Cț*aYfi1 ԏ֙vV[h n$yw܏R[JX,XHɔTdy)o?mA$r (qr0qO}=+&= Z(B' hYSj?5O;W(ǞKs}<5,&"(;M1)C#8[vO5πoxK]IA}I,AOʕTЊrI<-F>(> 2kK"ak aou4%,JBl쌁%/E_呼_Jjm]i/Efa%PQs"hKao)e <DZB_!hc}|;HYR@m t^4e3Ks@:i_6%~x[ O.ЈXvd'0@C@iE4;U7ډXJH,Ze[b)4it(}ґNRK)𓉉ga$ne+;j9.{.b5Cr?Dp#dI*K#)SqRb7mkUz:E1Cs~FBG*TjL,Pۉ=@Sݣ+H(vM{+KI* $!̃"JC[/z*n+%^\K?TJc>g%׸i\׈ճ /x> ϦtEJzh0@/ڒN_vKL(~Jhpuwq_j"6"g(H" "!r2嫠k3 oIs9U`vsd֬(3P1u}[RBv>&#]:R_tAuW:s{-5ŋP+(FX1ň(~=AR@`7t)ǖ[ye>?=P@af8d9f#}ˁhA.<+']gd.ie~̬̬̬̬fJAS_5w vfW1^`J%vDKrhB[,z~@g stς?"Ib^-9~V<?^揶F}jKxԙ~Gc>x-@I~+h=Ɋ~Axrg~n\}c7b8HݽǙ!5,HYǸ럨=r<_;d 9C ' q@v})ZDԟX `"l]Sqr<k_ݗ`ܟ\6N> _}$Do_rBA1p:6@?k=[rl)׸QшqF / q'L}LԟR-+/'a?yL&9Iu~H/K{vi[ 2'\ݶ87(C̳vװd=I^=IŔ%6Y.#;g((=dcuB!L7ۏL]I aJjadP}$FZtyϹgD8quENm1'^ 0R#V&GB8AXJߘD P`aWh`8҈F  /(_7`cIkaǰ>FSYh%_!icb9WjP]͹NQ. ]Z˽XjuZ.{f@]&^.ME(8+3HuPNo%]UP*$4@i9׼(*t@ 6VG󼪘"y?L6փWM{aW@lS=ij;yb+'-湻sx"(ͲNDD`h*{{d 1z&3]TzXjK 0ʖ[xNt -hR?d_jR.mgI*@4`}"ZlR$ufKs|RxHh7:}yjUS*ZZQ#0{cڰj`VTɵF.cNMXC U!TQnTkbD .o3FwcӠ_W1h=G@#  Ĉ[ bV&wܠf~z*ڟ'^fsB =Nl~C&*W5;-Dk;C;O2r%W0OyLnmd+VzK";{| &̊XH t<.$;=~%}LfROa9LvsCRY 醵`Mi$b ӓ"vFf.Bd02!N꭛VgF\nz~uC @ 嵉Dp@RXțEP@$EsK0NG'lI|T+2tA,:r˘:){χ\n|J?DrБ`b'rsח=P)`dDu2Dt02*%bg&cP9 xE {׽nrj5-i`I; ᑰ 5"tTۈ9S"F9L۰lFLN'uoA"۾blU^(l+wxc||> Dj7Mΰ"@[ g o c Q@Ĕ67+I8F|v`:>0<(S[]ĝ/]38OqW'FgC:X@ 33f;.9t:U@ gP:ϜlQغ9Pq.5$Lj&1It!CK/HFzNsx I~~wˈ_`$Bc|EWoVR%T ~(>gޕa)h?oSwV3le,M -Mȕ@ZAȘq~;~@|TBzX\Sݾ昫7.>5iV>NWv.7x ZѶpt{ԝsm~>^}>k_ۗ\`&FoTY煾DQ(;OzYi1=eNq(gE B,rԗ,xE^/>*U`(~|L,a^e5DM@2:Ll+U=fi؊sm9 g9^L%(CE@o􁖣AKagk GM* cF8)nu:e+WUj^*Q^m\9^d ?gd_CPj## ݌t&H?g |hq}y;W?oOo7sv3#hgڗvF?2?C">vNtw~' >ී৓g'>;@ D'H~ew {1?s w1~]h7]? ͐/W@Wq2_\gO诟A@?֧A_ SV:SF>>eoҁ~o2ɨ&s$eC._OpN2KI /Wa uy~@zJ͠2,c2\.2sܾw2~RAi_vuи CJW=k /dmtZ8VҦnp_l ΣB_(  V敭I="xEq\*gل}@CXy#u Jܓs+Z`~H逷\]d}+er6VD-VcbMx{,xlǾJ#sb¾Ⱦѫ{$"%YØ/ܺ CzˆnQ?e`o`fE@' @8_Es9MA71[נ_dVl<-4&\ej(+@J~@qf?f:xf_zHq1j|h|V+'K j*{ςoDTN)pB ;(RKtAc̝>6Zy#=C>jpO_B17Mg>$5sC\ԴZjRs%׈d-8 3􀇀#jJUN-aX,Ng /($@%X {%}Ciy=q̐Ga*1Vѕ;BDK"щUۣba *Jj"aQKp^'WvŐbG0~;P`K9؞9z^͇,%r!gLߟSϤKTl&&ήwuG@;Sc#ӄ;Ìc,!1fzT}z<83mJN+gL#[ WHGw0 J/.ӮGx#K^,Vkb 5tP=_4nv–'*\G;!m/_Nc̓] >38AR:=fهܽ0t;AW.ҡw& p p1.`oN}X v7n+j`5v%`׷b5c*[調ԙ@Ы~F?m &*Y Ar2F"eu%ar1l$f~e7WF]Hn1vpj.l[8=ۺ9l؆,`lnԙ%O_|y  $Gl7fѦ+Ҥ$r 2 /a ~#pIi)KLtk$?u60-dt{x _ݫu=v`"sH!L&dϒW[l,))Tv$ї]5 y 0th^ ={w$>}P.q5sEEבE$*JhӄZ{JfBZny;6MAW4~з)%,HNSP}HO-N5ONk.lۃcWeޘ0D00㏉{ v E ^{ #E3$0Z<ASĠC)de _4U6twd9Hr&zU h$.7="VDwΖl'OIcw]/I)H[aȹD.NwVAx/Բ'x*D|IBO/3.u ,sD+Rςe֌zLT zʴ ៶Xl3%^z'Ik=G}k[VeɄK!lF> u3u(VXw|6(6؋|%K' ϻW6K} 3 wT)QM9Dv3_l_vl\V88vRCKA=4 Okeh[b }ic%p'! X^0wخ;qV't#9e5FvU$ d|$_Oxƪ~Saxr}F=жU7dM-IU`c^hFq:h I W9:-|0qGĶ2]|R4͜epvRvc ;93_-rΦϖWtm<ml/>yGW=Fa|ht%+FM`Wpۂ{iWeRpCV)tnO싰ANxu_X ( # Lwno`n)ZF1uVB (c4AL?aɟ]챺Wqڮ7(GLcݰȰ+`jk7D]YtA<黶w{#\7mȰ+]ycQ1Vovf$оs,alX oV|޸M7Ϗq`h2[uG{0^5϶0N&m+LXI@ qs.-Bun4Mb9"[^^IidžavX53},@a)5|dn~ӧ f8S'2^{HvdZU Z-14Mo̓gkV"K#gy- `5>gvE&zh.&Ա`=|v18Y~F6s3a=E`0MZV/|jgW Y-1!Dt9)y_sd&P?8هl~H&*,[k+нD~xFs-^P?ɑ>sχAĂ+<"e})Ix)/ρ.?IG\8b@T,zf?Pu/YӾ|]*'t[??;%z_Za~BeFD4J7ъE:?CK7nyIݏM)h!/=R$Du $B|Wf}!/ k~}'Wh<k<#@-ZY$IL#;ov['- {\֒CX-lu; o]F'eh|N9VKI+^ͦGH5}6tcLp )ͱeRX[`l/Z.*