CA Multiple Products Message Queuing Server (Cam.exe) Remote Overflow

high Nessus Plugin ID 25766

Synopsis

Arbitrary code can be executed on the remote host due to a flaw in the CAM service.

Description

The remote version of CA Message Queuing Service contains a stack overflow that may allow an attacker to execute arbitrary code on the remote host with SYSTEM privileges.

An attacker does not need to be authenticated to exploit this flaw.

Solution

CA has released a set of patches for CAM 1.11.

See Also

http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809

Plugin Details

Severity: High

ID: 25766

File Name: cacam_overflow2.nasl

Version: 1.15

Type: remote

Published: 7/26/2007

Updated: 6/27/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: Host/OS, CA/MessageQueuing

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/25/2007

Reference Information

CVE: CVE-2007-0060

BID: 25051