News

CA patches vulnerability

CA has revealed product security vulnerability in its CAM/CAFT software.

Patches are now available for the vulnerability issues in CA’s Message Queuing (CAM / CAFT) software namely CAM being vulnerable to a Denial of Service (DoS) attack when a specially crafted message is received on TCP port 4105 and being vulnerable to a Denial of Service (DoS) through the spoofing of CAM control messages. CA recommends all customers install the patch as soon as possible.

CAM is a messaging sub-component which provides a "store and forward" messaging framework for applications. A number of CA applications now use CAM for their messaging requirements. CAFT is an application, supplied with CAM, which utilises CAM for file transfers. CAFT is driven by messages it receives from CAM enabled applications.

The vulnerability may be exploited causing a Denial of Service attack (loss of functionality) on the affected platform. CAM/CAFT is a common component of various CA products (refer list below) which are normally deployed behind a corporate firewall. Therefore this vulnerability is NOT regarded as having the potential to cause widespread problems for independent machines deployed on the general internet.

The vulnerability affects all versions of the CA Message Queuing software prior to v1.07 Build 220_16 and v1.11 Build 29_20 on the specified platforms. These include AIX, DG Intel, DG Motorola, DYNIX, OSF1, HP-UX, IRIX, Linux Intel, Linux s/390, Solaris Intel, Solaris SPARC, UnixWare and Windows. AS/400, MVS, NetWare, OS/2 and OpenVMS platforms are not affected.

For more information visit http://www.ca.com/camap.htm

Related Topics: Operating systems software, Business applications, IT risk management, IT strategy, VIEW ALL TOPICS

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Read More

Related content from ComputerWeekly.com
RELATED CONTENT FROM THE TECHTARGET NETWORK

COMMENTS powered by Disqus // Commenting policy

More from Related TechTarget Sites

CIO
Security
Networking
Data Center
Data Management

CIO
- Consistent cybersecurity training a must to meet evolving threats
  
  In this week's Searchlight: bold new threats highlight need for cybersecuity training, why big data requires soft skills, cloud confusion and more.
- For effective cybersecurity, communicate and cover your assets
  
  Learn how to tackle cybercrime from former White House CIO Theresa Payton and former federal Cybersecurity Coordinator Howard Schmidt.
- Exploring the 'Big Data Frontier'
  
  IT business strategist Harvey Koeppel draws on historical data to explore the 'Big Data Frontier' and its potential to profoundly change the world.
Security
- Using EMET to harden Windows XP and other legacy applications
  
  Expert Michael Cobb details how using EMET, a free tool from Microsoft, can harden Windows XP and other legacy applications.
- Beyond privacy policies: Practical privacy for websites and mobile apps
  
  Posting a privacy policy is not enough. Here's practical advice for privacy on websites and mobile apps.
- Exploit kits evolved: How to defend against the latest attack toolkits
  
  Expert Nick Lewis details how automated exploit kits are evolving and offers mitigations for the latest methods employed by these attack toolkits.
Networking
- Troubleshooting network problems with good governance and design
  
  Packet loss, oversubscription, unpatched and inconsistent switch software still plague enterprise networks. Find out how engineers are fighting back.
- Networking blogs: Overlay Transport Virtualization, SDDC practicality
  
  In this week's networking roundup, bloggers advise how to use Overlay Transport Virtualization and discuss what's needed for a mature SDDC.
- Q&A: Why WLAN test tools should evolve quickly -- but likely won't
  
  Network consultant Peter Welcher talked to SearchNetworking about the evolution of WLAN test tools as more businesses look to wireless networks.
Data Center
- Data center technologies evolve to meet tomorrow's computing demands
  
  VMware's upcoming public cloud and AMD's 64-bit ARM servers are technologies for the data center that exemplify the changes in the IT industry.
- New data center cooling strategies to improve efficiency, lower costs
  
  Stagnant strategies for data center cooling will keep energy bills climbing ever higher, but a more modern approach can bring them back down to earth.
- Converged systems usher in data center transformation
  
  The rise of converged systems has brought a new level of manageability to the data center, but these integrated offerings have a few drawbacks.
Data Management
- New BI stack tackles data load at Boston Children's Hospital
  
  Boston Children's Hospital upgraded its business intelligence architecture to boost enterprise reporting, a move that also required retraining users.
- Expanded Hadoop use cases will drive need for new enterprise features
  
  With user interest rising, Hadoop vendors are trying to pave a path to higher adoption with add-ons that target issues holding the technology back.
- Jim Goodnight on SAS in-memory analytics and the data scientist
  
  A podcast Q&A with SAS execs Jim Goodnight and Jim Davis looks at big data enablers, including in-memory analytics, and the role of data scientists.

All Rights Reserved,Copyright 2000 - 2013, TechTarget