* Technical Description *

Multiple vulnerabilities were identified in various Computer Associates products, which may be exploited by remote or local attackers to execute arbitrary commands or cause a denial of service.

The first issue is due to an unspecified error in the CAM messaging sub-component, which could be exploited by remote attackers to cause a denial of service.

The second flaw is due to a buffer overflow error in the CA Message Queuing Server that does not properly handle specially crafted requests, which could be exploited by remote attackers to execute arbitrary commands with SYSTEM privileges.

The third vulnerability is due to an unspecified error in the CAFT application that does not properly handle specially crafted messages, which could be exploited by attackers to execute arbitrary commands.

(platforms : AIX, DG Intel, DG Motorola, DYNIX, OSF1, HP-UX, IRIX, Linux Intel, Linux s/390, Solaris Intel, Solaris Sparc, UnixWare, Windows, Apple Mac, AS/400, MVS, NetWare, OS/2 and OpenVMS). 

 * Solution *

Fixes for CAM v1.11 prior to Build 29_13 :
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_cam111fixes.asp

Fixes for CAM v1.07 prior to Build 220_13 :
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_cam107fixes.asp

Fixes for CAM v1.05 (any version) :
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_cam107fixes.asp

 * References *

http://www.frsirt.com/english/advisories/2005/1482
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp