CA Technologies support is alerting customers to security risks associated with CA Output Management Web Viewer. Two vulnerabilities exist that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerabilities. The vulnerabilities are due to boundary errors in the UOMWV_HelperActiveX.ocx and PPSView.ocx ActiveX controls. A remote attacker can create a specially crafted web page to exploit the flaws and potentially execute arbitrary code.
a2fdaccf936701cb458f4e2b02cdf7db59f508b0f0e7f796daac3f28d4115ccbCA Technologies support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention System (HIPS). A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerability. The vulnerability is due to insecure method implementation in the XMLSecDB ActiveX control that is utilized in CA HIPS components and products. A remote attacker can potentially execute arbitrary code if he can trick a user into visiting a malicious web page or opening a malicious file. Versions prior to 8.1.0.88 are affected.
1165984f0f9a0bde4ed83ed6d3943f818df52123eeb80a2f91a7d5dce511133bCA Technologies support is alerting customers to a security risk with CA ARCserve D2D. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued an Information Solution to address the vulnerability. The vulnerability is due to default vulnerabilities inherent in the Tomcat and Axis2 3rd party software components. A remote attacker can exploit the implementation to execute arbitrary code.
d45629c328104fe8803b9f9bf4683e49b202ea86b3bdfff68ace08ce803d0c8cCA's support is alerting customers to a security risk with CA SiteMinder. Multiple cross site scripting (XSS) vulnerabilities exist that can allow a remote attacker to potentially gain sensitive information. CA has provided guidance to remediate the vulnerability.
0086b7aee2a4c6e1f497434c6dd1033fc49b8c4e5dabfa495c73ef3dad9e9fb8CA's support is alerting customers to multiple security risks associated with CA Anti-Virus Engine. Vulnerabilities exist in the arclib component that can allow a remote attacker to cause a denial of service, or to cause heap corruption and potentially further compromise a system. CA has issued fixes to address the vulnerabilities.
1dc4058c8e774be29fddef6f172c726958c3daac8818e3613e4ed1638ebe3c6fThe release of Tomcat as included with CA Service Desk r11.2 is potentially susceptible to a cross-site scripting vulnerability. CA has issued a technical document that describes remediation procedures.
d707e5a41acfb37cf9412d440b94a1a0a483c37fdfd80518eae28728bf326b60CA ARCserve Backup contains multiple vulnerabilities in the message engine that can allow a remote attacker to cause a denial of service. CA has issued an update to address the vulnerabilities. The vulnerabilities occur due to insufficient verification of data sent to the message engine. An attacker can make requests that can cause the message engine to crash.
7fc7703516c70a91ea9a307108dc90e534db45f1157a750a6798f2880f833fd9CA ARCserve Backup on Solaris, Tru64, HP-UX, and AIX contains multiple vulnerabilities in the Apache HTTP Server version as shipped with ARCserve Backup. CA has issued updates that contain version 2.0.63 of the Apache HTTP Server to address the vulnerabilities.
d86ddfa32f66c166dab389f1acfc4382cf2d3e171fd0b28f0cb00c76bf5575e6The CA Anti-Virus engine contains multiple vulnerabilities that can allow a remote attacker to evade detection by the Anti-Virus engine by creating a malformed archive file in one of several common file archive formats.
944ae526a24c8cceb81b918075140aa5750f12966e49907a39066cac40a142ceMultiple security risks exist in Apache Tomcat as included with CA Cohesion and products that contain CA Cohesion. These include, but are not limited to, arbitrary command execution. Affected products include CA Cohesion Application Configuration Manager 4.5, CA CMDB Application Server 11.1, and Unicenter Service Desk 11.2.
c8609f8dceb80de59813e4e08c5e56ee0e21604a9ddf888c621eda88cd823b65CA Service Metric Analysis and CA Service Level Management contain a vulnerability that can allow a remote attacker to execute arbitrary commands. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient access restrictions associated with the smmsnmpd service. A remote attacker can exploit this vulnerability to execute arbitrary commands in the context of the service. Affected products include CA Service Level Management 3.5, CA Service Metric Analysis r11.0, CA Service Metric Analysis r11.1, and CA Service Metric Analysis r11.1 SP1.
a62071c482a2724a1868fed40e856bb95649bf2a7c07ab8477daf6ca035387feCA ARCserve Backup contains a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerability. The vulnerability is due to insufficient verification of client data. A remote attacker can crash the LDBserver service or execute arbitrary code in the context of the service. Note: The client installation is not affected.
c3f42a1781959a4e232299fd40445813782d401f6a4ad863bcdc64c3aefdb67aCA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or possibly execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability occurs due to insufficient validation of certain RPC call parameters by the message engine service. An attacker can exploit a directory traversal vulnerability to execute arbitrary commands. The second vulnerability occurs due to insufficient validation by the tape engine service. An attacker can make a request that will crash the service. The third vulnerability occurs due to insufficient validation by the database engine service. An attacker can make a request that will crash the service. The fourth vulnerability occurs due to insufficient validation of authentication credentials. An attacker can make a request that will crash multiple services. Note that these issues only affect the base product.
4a1efc837ec3a9c0d729220a5e7ba7876a7442c1a76a70f4dfc0ac3bc64384caCA Service Desk contains multiple vulnerabilities that can allow a remote attacker to conduct cross-site scripting attacks. CA has issued patches to address the vulnerabilities. Versions affected include CA Service Desk r11.2, CA CMDB 11.0, CA CMDB 11.1, and CA CMDB 11.2.
2a80ba34606dc3bdedd7a43bb67a8f007f1f415a4bdcec3033e08b9640bb0211The Computer Associates Host-Based Intrusion Prevention System SDK contains two vulnerabilities that can allow an attacker to cause a denial of service or possibly execute arbitrary code. CA has issued updates to address the vulnerabilities. The first vulnerability occurs due to insufficient verification of IOCTL requests by the kmxfw.sys driver. A local attacker can send an IOCTL request that can cause a system crash or potentially result in arbitrary code execution. The second vulnerability occurs due to insufficient validation by the kmxfw.sys driver. An attacker can make a request that can cause a system crash.
985be0e793f4ac4d6d9e3779bf5ca6b54567e5ea355a83dec5b7ae1dbd4feee5CA products that embed Ingres contain multiple vulnerabilities that can allow a remote attacker to execute arbitrary code, gain privileges, or cause a denial of service condition.
6040ab449470478bb5b86d5556ee4b54361f55be9e1dd935da2bec7284d81f1fCA ARCserve Backup for Laptops and Desktops server contains a vulnerability that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerability. The vulnerability occurs due to insufficient bounds checking by the LGServer service. An attacker can make a request that can result in arbitrary code execution or crash the service.
546596733a111ab7c22eab5b58d387a2bba2105322c3c3b4174032dbce075728CA ARCserve Backup contains a vulnerability in the Discovery service (casdscsvc) that can allow a remote attacker to cause a denial of service condition. CA has issued patches to address the vulnerability. The vulnerability occurs due to insufficient verification of client data. An attacker can make a request that can crash the service.
0741ffe1de4d95ff387305e81ed6300a04528dc9d2dc44058f58fe0edd600007CA ARCserve Backup contains multiple vulnerabilities that can allow a remote attacker to cause a denial of service or execute arbitrary code. CA has issued patches to address the vulnerabilities. The first vulnerability, CVE-2008-2241, is due to insufficient path verification by the logging service, caloggerd. An attacker can append data to arbitrary files, which can lead to system compromise. The second vulnerability, CVE-2008-2242, is due to insufficient bounds checking by multiple xdr functions. An attacker can cause an overflow and execute arbitrary code.
4e72f135e85d378c8daae3e615f25746727f11c302917fbfcb8e7d99f84d149bCA products that implement the DSM gui_cm_ctrls ActiveX control contain a vulnerability that can allow a remote attacker to cause a denial of service or execute arbitrary code. The vulnerability is due to insufficient verification of function arguments by the gui_cm_ctrls control. An attacker can execute arbitrary code under the context of the user running the web browser.
b63cbfd73b81137d031f97bd4f2406b126e28b710e79acc9de05299b137471b2CA Security Advisory - CA ARCserve Backup for Laptops and Desktops Server contains multiple vulnerabilities that can allow a remote attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities. The first issue occurs due to insufficient bounds checking on command arguments by the LGServer service. The second issue occurs due to insufficient verification of file uploads by the NetBackup service. In most cases, an attacker can potentially gain complete control of an affected installation. Additionally, only a server installation of BrightStor ARCserve Backup for Laptops and Desktops is affected. The client installation is not affected.
465613d80f35d24daf2fd29de5df3e3834e3533ddc03f34fa29343c01188d0feCA Security Advisory - CA Alert Notification Server service contains multiple vulnerabilities that can allow a remote authenticated attacker to execute arbitrary code or cause a denial of service condition. CA has issued updates to address the vulnerabilities. The vulnerabilities are due to insufficient bounds checking in multiple procedures. A remote authenticated attacker or local user can exploit a buffer overflow to execute arbitrary code or cause a denial of service.
87c606935857a14dd69d4559e0de12e92406b71e84be5dad04da16eda476df5dCA Security Advisory - CA products that implement the DSM ListCtrl ActiveX control are vulnerable to a buffer overflow condition that can allow a remote attacker to cause a denial of service or execute arbitrary code with the privileges of the user running the web browser.
09da45444339d3374071c6c750d520dceb4ed69662d8b774f4b6bf0b10195eefCA Security Advisory - A potential vulnerability exists in the Ingres software that is embedded in various CA products. This vulnerability exists only on Ingres 2.5 and Ingres 2.6 on Windows, and does not manifest itself on any Unix platform. Ingres r3 and Ingres 2006 are not affected.
f7ca90c4521927236d3bbfefb70dc89c88259368d66a18dae3701216866ea1caCA Host-Based Intrusion Prevention System (CA HIPS) contains a vulnerability in the Server installation that can allow a remote attacker to take unauthorized administrative action. The vulnerability occurs due to raw request data being displayed in the log when viewed by a browser. The client installation is not vulnerable.
c85539d8e715bc4393459fcd55868d6547302d34f075669e2c00d0567ee58f18
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed