CA patches vulnerability

Software giant issues fixes for CAM/CAFT

CA has revealed product security vulnerability in its CAM/CAFT software.

Patches are now available for the vulnerability issues in CA’s Message Queuing (CAM / CAFT) software namely CAM being vulnerable to a Denial of Service (DoS) attack when a specially crafted message is received on TCP port 4105 and being vulnerable to a Denial of Service (DoS) through the spoofing of CAM control messages. CA recommends all customers install the patch as soon as possible.

CAM is a messaging sub-component which provides a "store and forward" messaging framework for applications. A number of CA applications now use CAM for their messaging requirements. CAFT is an application, supplied with CAM, which utilises CAM for file transfers. CAFT is driven by messages it receives from CAM enabled applications.

The vulnerability may be exploited causing a Denial of Service attack (loss of functionality) on the affected platform. CAM/CAFT is a common component of various CA products (refer list below) which are normally deployed behind a corporate firewall. Therefore this vulnerability is NOT regarded as having the potential to cause widespread problems for independent machines deployed on the general internet.


The vulnerability affects all versions of the CA Message Queuing software prior to v1.07 Build 220_16 and v1.11 Build 29_20 on the specified platforms. These include AIX, DG Intel, DG Motorola, DYNIX, OSF1, HP-UX, IRIX, Linux Intel, Linux s/390, Solaris Intel, Solaris SPARC, UnixWare and Windows. AS/400, MVS, NetWare, OS/2 and OpenVMS platforms are not affected.

For more information visit http://www.ca.com/camap.htm


 

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more on Operating systems software

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close