APP: CA Products Message Queuing Server Buffer Overflow
This signature detects attempts to exploit a known buffer overflow vulnerability in the way CA Message Queuing Server handles incoming packets. It is due to lack of boundary protection while processing packets. A remote unauthenticated attacker can exploit this to cause a denial-of-service condition or inject and execute arbitrary code on the system within the security context of the affected service, normally System. Also, in a successful code injection attack, the behavior of the target is entirely dependent on the intended function of the injected code and would execute within the security context of the affected service. In an unsuccessful code injection attack, the affected server terminates.
Extended Description
Multiple Computer Associates products are prone to a remote stack-based buffer-overflow vulnerability. This issue affects the Message Queuing (CAM/CAFT) component. The application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer. A successful exploit will allow an attacker to execute arbitrary code with SYSTEM-level privileges. This issue affects all versions of the CA Message Queuing software prior to v1.11 Build 54_4 on Windows and NetWare.
Affected Products
Computer_associates cleverpath_aion
Short Name
APP:CA:MESSAGE-QUEUE-HEAP
Severity
Critical
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Buffer CA CVE-2007-0060 Message Overflow Products Queuing Server bid:25051
Release Date
10/13/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/3104
False Positive
Unknown
Vendors
Computer_associates
CVSS Score
9.3