CVE-2007-0060: Buffer Overflow
First published: Thu Jul 26 2007(Updated: )
Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Broadcom Unicenter Management Portal | =4.1 | |
| Broadcom Unicenter Asset Management | =4.0-sp1 | |
| Broadcom eTrust Admin | =2.1 | |
| Broadcom Unicenter Software Delivery | =4.0-sp1 | |
| Broadcom Unicenter Management Portal | =5.0.1 | |
| CA Unicenter Enterprise Job Manager | =1.0-sp1 | |
| Broadcom eTrust Admin | =2.9 | |
| Broadcom eTrust Admin | =2.4 | |
| Broadcom Unicenter Management Portal | =4.0 | |
| Broadcom eTrust Admin | =2.7 | |
| CA Unicenter Enterprise Job Manager | =1.0-sp2 | |
| Broadcom Unicenter Management Portal | =4.0 | |
| Broadcom Unicenter Management Portal | =5.0 | |
| Broadcom Unicenter TNG | =2.2 | |
| Broadcom Advantage Data Transport | =3.0 | |
| Broadcom BrightStor Portal | =11.1 | |
| Broadcom BrightStor SAN Manager | =11.1 | |
| Broadcom BrightStor SAN Manager | =11.5 | |
| Broadcom CleverPath AION | =10.0 | |
| Broadcom CleverPath ECM | =3.5 | |
| Broadcom CleverPath OLAP | =5.1 | |
| Broadcom CleverPath Predictive Analysis Server | =2.0 | |
| Broadcom CleverPath Predictive Analysis Server | =3.0 | |
| Broadcom eTrust Admin | =8.0 | |
| Broadcom eTrust Admin | =8.1 | |
| Broadcom Unicenter Application Performance Monitor | =3.0 | |
| Broadcom Unicenter Application Performance Monitor | =3.5 | |
| Broadcom Unicenter Asset Management | =3.1 | |
| Broadcom Unicenter Asset Management | =3.2 | |
| Broadcom Unicenter Asset Management | =3.2-sp1 | |
| Broadcom Unicenter Asset Management | =3.2-sp2 | |
| Broadcom Unicenter Asset Management | =4.0 | |
| Broadcom Unicenter Data Transport Option | =2.0 | |
| CA Unicenter Remote Control | =6.0 | |
| CA Unicenter Remote Control | =6.0-sp1 | |
| Broadcom CA Service Level Management | =3.0 | |
| Broadcom CA Service Level Management | =3.0.1 | |
| Broadcom CA Service Level Management | =3.0.2 | |
| Broadcom CA Service Level Management | =3.5 | |
| Broadcom Unicenter Jasmine | =3.0 | |
| CA Network and Systems Management | =3.0 | |
| CA Network and Systems Management | =3.1 | |
| CA NSM Job Management Option | =3.0 | |
| Unicenter Software Delivery | =3.0 | |
| Unicenter Software Delivery | =3.1-sp1 | |
| Unicenter Software Delivery | =3.1-sp2 | |
| Unicenter Software Delivery | =3.1 | |
| Unicenter Software Delivery | =4.0 | |
| CA Unicenter TNG | =2.1 | |
| CA Unicenter TNG | =2.2 | |
| CA Unicenter TNG | =2.4 | |
| CA Unicenter TNG | =2.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.iss.net/threats/272.html
- http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp
- http://www.securityfocus.com/bid/25051
- http://secunia.com/advisories/26190
- http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809
- http://www.securitytracker.com/id?1018449
- http://www.vupen.com/english/advisories/2007/2638
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32234
- http://www.securityfocus.com/archive/1/474602/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-0060?
CVE-2007-0060 is classified as a critical vulnerability due to its potential to allow remote code execution through a stack-based buffer overflow.
How do I fix CVE-2007-0060?
To remediate CVE-2007-0060, upgrade to CA Message Queuing software version 1.11 Build 54_4 or later.
What products are affected by CVE-2007-0060?
CVE-2007-0060 affects multiple CA software products, including CA Unicenter Management, eTrust Admin, and Broadcom BrightStor.
Is CVE-2007-0060 still a risk for unsupported software versions?
Yes, using unsupported versions of the software that are vulnerable to CVE-2007-0060 remains a significant security risk.
Can CVE-2007-0060 be exploited remotely?
Yes, CVE-2007-0060 can be exploited remotely, allowing attackers to execute arbitrary code on affected systems.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/ca
- canonical/broadcom unicenter management portal
- version/broadcom unicenter management portal/4.1
- canonical/broadcom unicenter asset management
- version/broadcom unicenter asset management/4.0-sp1
- canonical/broadcom etrust admin
- version/broadcom etrust admin/2.1
- canonical/broadcom unicenter software delivery
- version/broadcom unicenter software delivery/4.0-sp1
- version/broadcom unicenter management portal/5.0.1
- canonical/ca unicenter enterprise job manager
- version/ca unicenter enterprise job manager/1.0-sp1
- version/broadcom etrust admin/2.9
- version/broadcom etrust admin/2.4
- version/broadcom unicenter management portal/4.0
- version/broadcom etrust admin/2.7
- version/ca unicenter enterprise job manager/1.0-sp2
- version/broadcom unicenter management portal/5.0
- canonical/broadcom unicenter tng
- version/broadcom unicenter tng/2.2
- vendor/broadcom
- canonical/broadcom advantage data transport
- version/broadcom advantage data transport/3.0
- canonical/broadcom brightstor portal
- version/broadcom brightstor portal/11.1
- canonical/broadcom brightstor san manager
- version/broadcom brightstor san manager/11.1
- version/broadcom brightstor san manager/11.5
- canonical/broadcom cleverpath aion
- version/broadcom cleverpath aion/10.0
- canonical/broadcom cleverpath ecm
- version/broadcom cleverpath ecm/3.5
- canonical/broadcom cleverpath olap
- version/broadcom cleverpath olap/5.1
- canonical/broadcom cleverpath predictive analysis server
- version/broadcom cleverpath predictive analysis server/2.0
- version/broadcom cleverpath predictive analysis server/3.0
- version/broadcom etrust admin/8.0
- version/broadcom etrust admin/8.1
- canonical/broadcom unicenter application performance monitor
- version/broadcom unicenter application performance monitor/3.0
- version/broadcom unicenter application performance monitor/3.5
- version/broadcom unicenter asset management/3.1
- version/broadcom unicenter asset management/3.2
- version/broadcom unicenter asset management/3.2-sp1
- version/broadcom unicenter asset management/3.2-sp2
- version/broadcom unicenter asset management/4.0
- canonical/broadcom unicenter data transport option
- version/broadcom unicenter data transport option/2.0
- canonical/ca unicenter remote control
- version/ca unicenter remote control/6.0
- version/ca unicenter remote control/6.0-sp1
- canonical/broadcom ca service level management
- version/broadcom ca service level management/3.0
- version/broadcom ca service level management/3.0.1
- version/broadcom ca service level management/3.0.2
- version/broadcom ca service level management/3.5
- canonical/broadcom unicenter jasmine
- version/broadcom unicenter jasmine/3.0
- canonical/ca network and systems management
- version/ca network and systems management/3.0
- version/ca network and systems management/3.1
- canonical/ca nsm job management option
- version/ca nsm job management option/3.0
- canonical/unicenter software delivery
- version/unicenter software delivery/3.0
- version/unicenter software delivery/3.1-sp1
- version/unicenter software delivery/3.1-sp2
- version/unicenter software delivery/3.1
- version/unicenter software delivery/4.0
- canonical/ca unicenter tng
- version/ca unicenter tng/2.1
- version/ca unicenter tng/2.2
- version/ca unicenter tng/2.4
- version/ca unicenter tng/2.4.2