Security Notice for CA Message Queuing (CAM / CAFT) vulnerability
Issued: July 31, 2007
CA's customer support is alerting customers to a security risk in the CA Message Queuing (CAM / CAFT) software. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued updates to address the vulnerability.
The vulnerability, CVE-2007-0060, is a buffer overflow that can allow a remote attacker to execute arbitrary code by sending a specially crafted message to TCP port 3104.
Affected Versions of CA Message Queuing (CAM / CAFT)
This vulnerability affects all versions of the CA Message Queuing software prior to v1.11 Build 54_4 on the platforms listed below, i.e. CAM versions 1.04, 1.05, 1.06, 1.07, 1.10 (prior to Build 54_4) and 1.11 (prior to Build 54_4).
Advantage Data Transport 3.0
BrightStor SAN Manager 11.1, 11.5
BrightStor Portal 11.1
CleverPath OLAP 5.1
CleverPath ECM 3.5
CleverPath Predictive Analysis Server 2.0, 3.0
CleverPath Aion 10.0
eTrust Admin 2.01, 2.04, 2.07, 2.09, 8.0, 8.1
Unicenter Application Performance Monitor 3.0, 3.5
Unicenter Asset Management 3.1, 3.2, 3.2 SP1, 3.2 SP2, 4.0, 4.0 SP1
Unicenter Data Transport Option 2.0
Unicenter Enterprise Job Manager 1.0 SP1, 1.0 SP2
Unicenter Jasmine 3.0
Unicenter Management for WebSphere MQ 3.5
Unicenter Management for Microsoft Exchange 4.0, 4.1
Unicenter Management for Lotus Notes/Domino 4.0
Unicenter Management for Web Servers 5, 5.0.1
Unicenter NSM 3.0, 3.1
Unicenter NSM 11.0
Unicenter NSM Wireless Network Management Option 3.0
Unicenter Remote Control 6.0, 6.0 SP1
Unicenter Service Level Management 3.0, 3.0.1, 3.0.2, 3.5
Unicenter Software Delivery 3.0, 3.1, 3.1 SP1, 3.1 SP2, 4.0, 4.0 SP1
Unicenter TNG 2.1, 2.2, 2.4, 2.4.2
Unicenter TNG JPN 2.2
Platforms affected
Windows and NetWare
Platforms NOT affected
AIX, AS/400, DG Intel, DG Motorola, DYNIX, HP-UX, IRIX, Linux Intel, Linux s/390, MVS, Open VMS, OS/2, OSF1, Solaris Intel, Solaris Sparc and UnixWare.
Determining CAM versions
Simply running camstat will return the version information in the top line of the output on any platform. The camstat command is located in the bin subfolder of the installation directory.
The example below indicates that CAM version 1.11 build 27 increment 2 is running.
CAM - machine.ca.com Version 1.11 (Build 27_2) up 0 days 1:16
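The check above is easy to script across an inventory. The following is an added example, not part of CA's advisory or tooling: it parses the first line of camstat output and applies the advisory's affected-version rule (any 1.0x release; 1.10 or 1.11 below Build 54_4; Windows and NetWare only). The hostnames and the extra sample lines are constructed.

```python
import re

# Fixed level named in the advisory: Build 54_4 of the 1.10 and 1.11 streams.
FIXED_BUILD = (54, 4)
FIXED_VERSIONS = {(1, 10), (1, 11)}
# Platforms the advisory lists as affected.
AFFECTED_PLATFORMS = {"windows", "netware"}

# Matches the first line of camstat output, e.g.
#   CAM - machine.ca.com Version 1.11 (Build 27_2) up 0 days 1:16
CAMSTAT_RE = re.compile(
    r"^CAM\s+-\s+(?P<host>\S+)\s+Version\s+(?P<major>\d+)\.(?P<minor>\d+)"
    r"\s+\(Build\s+(?P<build>\d+)(?:_(?P<inc>\d+))?\)"
)


def parse_camstat(line):
    """Return (host, (major, minor), (build, increment)) or None if unrecognised."""
    m = CAMSTAT_RE.match(line.strip())
    if not m:
        return None
    inc = int(m.group("inc")) if m.group("inc") else 0
    version = (int(m.group("major")), int(m.group("minor")))
    return m.group("host"), version, (int(m.group("build")), inc)


def is_vulnerable(version, build, platform):
    """Apply the advisory's rule to a parsed version/build on a given platform."""
    if platform.lower() not in AFFECTED_PLATFORMS:
        return False
    if version < (1, 10):
        return True                      # 1.04 .. 1.07: no fixed build exists
    if version in FIXED_VERSIONS:
        return build < FIXED_BUILD       # tuple compare handles 54_3 < 54_4
    return False                         # releases after 1.11 are not listed


def assess(line, platform):
    """Combine parsing and the rule; returns None for lines camstat did not produce."""
    parsed = parse_camstat(line)
    if parsed is None:
        return None
    host, version, build = parsed
    return {"host": host, "version": version, "build": build,
            "vulnerable": is_vulnerable(version, build, platform)}


# Constructed sample output; the first line is the advisory's own example.
SAMPLE_LINES = [
    ("CAM - machine.ca.com Version 1.11 (Build 27_2) up 0 days 1:16", "Windows"),
    ("CAM - srv2.example.test Version 1.11 (Build 54_4) up 3 days 0:02", "Windows"),
    ("CAM - srv3.example.test Version 1.05 (Build 12_1) up 0 days 4:40", "NetWare"),
    ("CAM - srv4.example.test Version 1.10 (Build 40_1) up 1 days 2:00", "Linux"),
]

if __name__ == "__main__":
    for line, platform in SAMPLE_LINES:
        print(platform, assess(line, platform))
```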
Determining the CAM install directory
Windows: The install location is specified by the %CAI_MSQ% environment variable.
Unix/Linux/Mac: The /etc/catngcampath text file holds the CAM install location.
CA has made patches available for all affected products. These patches are independent of the CA software that installed CAM. Select the patch appropriate to the platform and the installed version of CAM, and follow the patch application instructions. You should also review the product home pages on SupportConnect for any additional product-specific instructions.
Solutions for CAM
UAM/AMO Definitions for the CA Message Queuing vulnerabilities
The current Unicenter Asset Management r4 Application Definitions revision includes definitions specially designed to assist administrators in detecting the presence of CA Message Queuing vulnerabilities, as well as other CA product vulnerabilities.
Administrators need only download the current revision using the automated download facility. The download facility is located as a link in the Unicenter Asset Management r4 Admin Console at /Asset Management/<DOMAIN_NAME>/Control Panel/Software, as shown in the figure below.
Once downloaded, the specially designed application definitions identifying a vulnerability will include, on the Description Tab, a message similar to the one shown below:
Upon detection of components featuring a warning message, administrators can copy the link from the description into a browser to obtain current instructions on addressing the vulnerabilities detected.
Please note: Administrators who have not already upgraded beyond Application Definitions Revision are required to perform Software Normalization Procedures in order to upgrade to the current revision. For more information on Application Definitions downloads and Normalization Procedures, refer to the required Software Normalization procedures posted at:
The affected listening port can be disabled by creating or updating CAM's configuration file, CAM.CFG, with the following entry under the "*CONFIG" section:
The CA Messaging Server must be recycled in order for this to take effect. We advise that products dependent upon CAM be shut down prior to recycling CAM. Once dependent products have been shut down, CAM can be recycled with the following commands:
load cam start
Once CAM has been restarted, any CAM-dependent products that were shut down can be restarted.
CVE-2007-0060 - CA Message Queuing (CAM / CAFT) Buffer Overflow Vulnerability
CVE-2007-0060 - Paul Mehta of ISS X-Force
Version 1.0: Initial Release
If additional information is required, please contact CA Technical Support at https://support.ca.com.
If you discover a vulnerability in CA products, please report your findings to vuln AT ca DOT com, or utilize our "Submit a Vulnerability" form at https://www.ca.com/us/securityadvisor/vulninfo/submit.aspx.