CA Unicenter CAM log_security()远程缓冲区溢出漏洞
[b]受影响系统:[/b]
Computer Associates Message Queuing [b]描述:[/b]
BUGTRAQ ID: [url=http://www.securityfocus.com/bid/14622]14622[/url]
CVE(CAN) ID: [url=http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2668]CAN-2005-2668[/url]
CA Unicenter Management Portal提供对企业管理信息的访问,提供个性化WEB接口等各种Unicenter管理解决方案。
CA Unicenter的CAM服务实现上存在缓冲区溢出漏洞,远程攻击者可能利用此漏洞在主机上执行任意指令。
通过向log_security()调用传递一个超长的参数,远程攻击者可以导致缓冲区溢出,精心构造的参数值可以使主机执行攻击者指定的任意指令。
[b]建议:[/b]
厂商补丁:
Computer Associates
-------------------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Computer Associates CAM 1.11
* Computer Associates CAM 1.11 Build 29_13
[url=http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_cam111]http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_cam111[/url] fixes.asp
Computer Associates CAM 1.07
* Computer Associates CAM 1.07 Build 220_13
[url=http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_cam107]http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_cam107[/url] fixes.asp
Computer Associates CAM 1.05
* Computer Associates CAM 1.07 Build 220_13
[url=http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_cam107]http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_cam107[/url] fixes.asp |