CA patches vulnerability

Software giant issues fixes for CAM/CAFT

CA has revealed a product security vulnerability in its CAM/CAFT software.

Patches are now available for the vulnerability issues in CA’s Message Queuing (CAM/CAFT) software. CAM is vulnerable to a Denial of Service (DoS) attack when a specially crafted message is received on TCP port 4105, and to a Denial of Service (DoS) through the spoofing of CAM control messages. CA recommends all customers install the patch as soon as possible.

CAM is a messaging sub-component which provides a "store and forward" messaging framework for applications. A number of CA applications now use CAM for their messaging requirements. CAFT is an application, supplied with CAM, which utilises CAM for file transfers. CAFT is driven by messages it receives from CAM-enabled applications.

The vulnerability may be exploited to cause a Denial of Service (loss of functionality) on the affected platform. CAM/CAFT is a common component of various CA products (refer to the list below), which are normally deployed behind a corporate firewall. This vulnerability is therefore NOT regarded as having the potential to cause widespread problems for independent machines deployed on the general internet.

The vulnerability affects all versions of the CA Message Queuing software prior to v1.07 Build 220_16 and v1.11 Build 29_20 on the specified platforms. These include AIX, DG Intel, DG Motorola, DYNIX, OSF1, HP-UX, IRIX, Linux Intel, Linux s/390, Solaris Intel, Solaris SPARC, UnixWare and Windows. AS/400, MVS, NetWare, OS/2 and OpenVMS platforms are not affected.

For more information visit

