News

CA patches vulnerability

CA has revealed product security vulnerability in its CAM/CAFT software.

Patches are now available for the vulnerability issues in CA’s Message Queuing (CAM / CAFT) software namely CAM being vulnerable to a Denial of Service (DoS) attack when a specially crafted message is received on TCP port 4105 and being vulnerable to a Denial of Service (DoS) through the spoofing of CAM control messages. CA recommends all customers install the patch as soon as possible.

CAM is a messaging sub-component which provides a "store and forward" messaging framework for applications. A number of CA applications now use CAM for their messaging requirements. CAFT is an application, supplied with CAM, which utilises CAM for file transfers. CAFT is driven by messages it receives from CAM enabled applications.

The vulnerability may be exploited causing a Denial of Service attack (loss of functionality) on the affected platform. CAM/CAFT is a common component of various CA products (refer list below) which are normally deployed behind a corporate firewall. Therefore this vulnerability is NOT regarded as having the potential to cause widespread problems for independent machines deployed on the general internet.


The vulnerability affects all versions of the CA Message Queuing software prior to v1.07 Build 220_16 and v1.11 Build 29_20 on the specified platforms. These include AIX, DG Intel, DG Motorola, DYNIX, OSF1, HP-UX, IRIX, Linux Intel, Linux s/390, Solaris Intel, Solaris SPARC, UnixWare and Windows. AS/400, MVS, NetWare, OS/2 and OpenVMS platforms are not affected.

For more information visit http://www.ca.com/camap.htm


 


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy