CA warns customers about security hole

CA warns customers about security hole

Computer Associates customers are at risk from serious security flaws affecting a string of applications on several platforms, the company has warned.

CA warned has of two flaws that could allow attackers to execute malicious code or commands to be executed on enterprise systems, as well as a third, less serious bug that could allow an attacker to crash a system.

The bugs affect CAM (CA Message Queuing), a component found in a large number of CA applications. Affected products include Advantage Data Transport, BrightStor Portal, CleverPath, eTrust Admin and Unicenter.

CA published patches for CAM v1.11 prior to build 29_13, CAM v1.07 prior to Build 220_13, and all versions of CAM v1.05. Links to the patches can be found on CA's website.

"CA strongly recommends the application of the appropriate patch," the company said in an advisory.

The most serious bug is a buffer overflow condition in the CA Message Queueing Server that can be exploited remotely to run arbitrary code with system privileges. The flaw was ranked as "critical" by FrSIRT, the French Security Incident Response Team, the organization's most serious rating. Secunia, which maintains a vulnerabilities database, said the bug was only "moderately critical".

CA also warned of a bug in the CAFT application that could be exploited via specially crafted messages to exploit arbitrary commands. The CAM messaging sub-component is also vulnerable to a denial-of-service bug.

CAM provides "store and forward" messaging for a number of applications. CAFT is a separate application supplied with CAM that works with CAM-enabled applications.

CA has suffered from several high-profile security glitches this year. In May, the company disclosed a serious security flaw in its anti-virus products, one in a series of security software to be hit by such a vulnerability.

In March, malicious hackers released code exploiting a widespread vulnerability in CA software. The exploit code was created just two days after CA warned customers and issued a patch for security holes in its licence and management software, which is shipped with almost all CA products.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Show Comments