Proventia Server IPS for Linux technology, Proventia Desktop, Proventia Network IPS, Proventia-G 1.1 and earlier, Proventia Network MFS, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, BlackICE PC Protection, RealSecure Network, RealSecure Server Sensor:
This signature detects attempts to exploit a possible buffer overflow in a particular systems management application by specifying a user-defined string length that is longer than the receiving buffer on the stack.
Proventia Server IPS for Linux technology, Proventia Desktop, Proventia Network IPS, Proventia-G 1.1 and earlier, Proventia Network MFS, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, BlackICE PC Protection, RealSecure Network, RealSecure Server Sensor: This traffic cannot be positively identified. You must correlate this event with system vulnerability information to confirm malicious intentions.
High
Proventia Server IPS for Linux technology: 1.96, Proventia Desktop: 1970, Proventia Network IPS: XPU 1.96, Proventia-G 1.1 and earlier: XPU 24.57, Proventia Network MFS: XPU 1.96, BlackICE Server Protection: 3.6.cqc, Proventia Server IPS for Microsoft Windows technology: 1.0.914.1970, BlackICE PC Protection: 3.6cqc, RealSecure Network: XPU 24.57, RealSecure Server Sensor: XPU 24.57
CA Unicenter TNG: 2.1, CA Unicenter TNG: 2.4, CA Unicenter TNG: 2.4.2, CA Unicenter Remote Control: 6.0, CA Unicenter Asset Management: 4.0, CA Advantage Data Transport: 3.0, CA BrightStor SAN Manager: 11.1, CA BrightStor Portal: 11.1, CA CleverPath OLAP: 5.1, CA CleverPath ECM: 3.5, CA CleverPath Predictive Analysis Server: 2.0, CA CleverPath Predictive Analysis Server: 3.0, CA CleverPath Aion: 10.0, CA eTrust Admin: 2.01, CA eTrust Admin: 2.04, CA eTrust Admin: 2.07, CA eTrust Admin: 2.09, CA eTrust Admin: 8.0, CA eTrust Admin: 8.1, CA Unicenter Application Performance Monitor: 3.0, CA Unicenter Application Performance Monitor: 3.5, CA Unicenter Asset Management: 3.1, CA Unicenter Asset Management: 3.2, CA Unicenter Asset Management: 3.2 SP1, CA Unicenter Asset Management: 3.2 SP2, CA Unicenter Asset Management: 4.0 SP1, CA Unicenter Data Transport Option: 2.0, CA Unicenter Enterprise Job Manager: 1.0 SP1, CA Unicenter Enterprise Job Manager: 1.0 SP2, CA Unicenter Jasmine: 3.0, CA Unicenter Management WebSphere MQ: 3.5, CA Unicenter Management Microsoft Exchange: 4.0, CA Unicenter Management Microsoft Exchange: 4.1, CA Unicenter Management Lotus Note Domino: 4.0, CA Unicenter Management Web Servers: 5, CA Unicenter Management Web Servers: 5.0.1, CA Unicenter NSM: 3.0, CA Unicenter NSM: 3.1, CA Unicenter NSM Wireless Network Management Option: 3.0, CA Unicenter Remote Control: 6.0 SP1, CA Unicenter Service Level Management: 3.0, CA Unicenter Software Delivery: 3.1 SP1, CA Unicenter Software Delivery: 3.1 SP2, CA Unicenter Software Delivery: 4.0, CA Unicenter Software Delivery: 4.0 SP1, CA Unicenter TNG JPN: 2.2, CA Unicenter Service Level Management: 3.0.2, CA Unicenter Service Level Management: 3.5, CA Unicenter Software Delivery: 3.0, CA Unicenter Software Delivery: 3.1, CA BrightStor SAN Manager: 11.5, CA Unicenter TNG: 2.2, CA Unicenter Service Level Management: 3.0.1
Unauthorized Access Attempt
The CA Message Queuing server (CAM/CAFT), included in various Computer Associates products, is vulnerable to a stack-based buffer overflow. By sending a specially crafted request to TCP port 3104, a remote attacker could overflow a buffer and execute arbitrary code on the system with SYSTEM privileges.
Refer to the CA SupportConnect document "Security Notice for CA Message Queuing (CAM / CAFT) vulnerability", dated July 24th, 2007, for patch, upgrade, or suggested workaround information. See References.
CA SupportConnect July 24th, 2007
Security Notice for CA Message Queuing (CAM / CAFT) vulnerability
http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp
IBM Internet Security Systems Protection Advisory July 24, 2007
CA Message Queuing Server (Cam.exe) Overflow
http://www.iss.net/threats/272.html
ISS X-Force
Computer Associates (CA) Message Queuing buffer overflow
http://www.iss.net/security_center/static/32234.php
CVE
CVE-2007-0060
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0060