Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-0060

Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.

Published

2007-07-26T00:30:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	broadcom	advantage_data_transport	3.0	Yes
Application	broadcom	brightstor_portal	11.1	Yes
Application	broadcom	brightstor_san_manager	11.1	Yes
Application	broadcom	brightstor_san_manager	11.5	Yes
Application	broadcom	cleverpath_aion	10.0	Yes
Application	broadcom	cleverpath_ecm	3.5	Yes
Application	broadcom	cleverpath_olap	5.1	Yes
Application	broadcom	cleverpath_predictive_analysis_server	2.0	Yes
Application	broadcom	cleverpath_predictive_analysis_server	3.0	Yes
Application	broadcom	etrust_admin	8.0	Yes
Application	broadcom	etrust_admin	8.1	Yes
Application	broadcom	unicenter_application_performance_monitor	3.0	Yes
Application	broadcom	unicenter_application_performance_monitor	3.5	Yes
Application	broadcom	unicenter_asset_management	3.1	Yes
Application	broadcom	unicenter_asset_management	3.2	Yes
Application	broadcom	unicenter_asset_management	3.2	Yes
Application	broadcom	unicenter_asset_management	3.2	Yes
Application	broadcom	unicenter_asset_management	4.0	Yes
Application	broadcom	unicenter_data_transport_option	2.0	Yes
Application	broadcom	unicenter_jasmine	3.0	Yes
Application	broadcom	unicenter_network_and_systems_management	3.0	Yes
Application	broadcom	unicenter_network_and_systems_management	3.1	Yes
Application	broadcom	unicenter_nsm_wireless_network_management_option	3.0	Yes
Application	broadcom	unicenter_remote_control	6.0	Yes
Application	broadcom	unicenter_remote_control	6.0	Yes
Application	broadcom	unicenter_service_level_management	3.0	Yes
Application	broadcom	unicenter_service_level_management	3.0.1	Yes
Application	broadcom	unicenter_service_level_management	3.0.2	Yes
Application	broadcom	unicenter_service_level_management	3.5	Yes
Application	broadcom	unicenter_software_delivery	3.0	Yes
Application	broadcom	unicenter_software_delivery	3.1	Yes
Application	broadcom	unicenter_software_delivery	3.1	Yes
Application	broadcom	unicenter_software_delivery	3.1	Yes
Application	broadcom	unicenter_software_delivery	4.0	Yes
Application	broadcom	unicenter_tng	2.1	Yes
Application	broadcom	unicenter_tng	2.2	Yes
Application	broadcom	unicenter_tng	2.4	Yes
Application	broadcom	unicenter_tng	2.4.2	Yes
Application	ca	etrust_admin	2.1	Yes
Application	ca	etrust_admin	2.4	Yes
Application	ca	etrust_admin	2.7	Yes
Application	ca	etrust_admin	2.9	Yes
Application	ca	unicenter_asset_management	4.0	Yes
Application	ca	unicenter_enterprise_job_manager	1.0	Yes
Application	ca	unicenter_enterprise_job_manager	1.0	Yes
Application	ca	unicenter_management	4.0	Yes
Application	ca	unicenter_management	4.0	Yes
Application	ca	unicenter_management	4.1	Yes
Application	ca	unicenter_management	5.0	Yes
Application	ca	unicenter_management	5.0.1	Yes
Application	ca	unicenter_software_delivery	4.0	Yes
Application	ca	unicenter_tng	2.2	Yes

References

http://secunia.com/advisories/26190 Third Party Advisory ([email protected])
http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp Vendor Advisory ([email protected])
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809 Vendor Advisory ([email protected])
http://www.iss.net/threats/272.html Broken Link ([email protected])
http://www.securityfocus.com/archive/1/474602/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/25051 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id?1018449 Third Party Advisory, VDB Entry ([email protected])
http://www.vupen.com/english/advisories/2007/2638 Third Party Advisory ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/32234 Third Party Advisory, VDB Entry ([email protected])
http://secunia.com/advisories/26190 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.iss.net/threats/272.html Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/474602/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/25051 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1018449 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/2638 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/32234 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)