Vulnerability Description
Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Broadcom | Advantage Data Transport | 3.0 |
| Broadcom | Brightstor Portal | 11.1 |
| Broadcom | Brightstor San Manager | 11.1 |
| Broadcom | Cleverpath Aion | 10.0 |
| Broadcom | Cleverpath Ecm | 3.5 |
| Broadcom | Cleverpath Olap | 5.1 |
| Broadcom | Cleverpath Predictive Analysis Server | 2.0 |
| Broadcom | Etrust Admin | 8.0 |
| Broadcom | Unicenter Application Performance Monitor | 3.0 |
| Broadcom | Unicenter Asset Management | 3.1 |
| Broadcom | Unicenter Data Transport Option | 2.0 |
| Broadcom | Unicenter Jasmine | 3.0 |
| Broadcom | Unicenter Network And Systems Management | 3.0 |
| Broadcom | Unicenter Nsm Wireless Network Management Option | 3.0 |
| Broadcom | Unicenter Remote Control | 6.0 |
| Broadcom | Unicenter Service Level Management | 3.0 |
| Broadcom | Unicenter Software Delivery | 3.0 |
| Broadcom | Unicenter Tng | 2.1 |
| Ca | Etrust Admin | 2.1 |
| Ca | Unicenter Asset Management | 4.0 |
References
- http://secunia.com/advisories/26190Third Party Advisory
- http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnotVendor Advisory
- http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809Vendor Advisory
- http://www.iss.net/threats/272.htmlBroken Link
- http://www.securityfocus.com/archive/1/474602/100/0/threaded
- http://www.securityfocus.com/bid/25051Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1018449Third Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2007/2638Third Party Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32234Third Party AdvisoryVDB Entry
- http://secunia.com/advisories/26190Third Party Advisory
- http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnotVendor Advisory
- http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809Vendor Advisory
- http://www.iss.net/threats/272.htmlBroken Link
- http://www.securityfocus.com/archive/1/474602/100/0/threaded
- http://www.securityfocus.com/bid/25051Third Party AdvisoryVDB Entry
FAQ
What is CVE-2007-0060?
CVE-2007-0060 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in...
How severe is CVE-2007-0060?
CVE-2007-0060 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0060?
Check the references section above for vendor advisories and patch information. Affected products include: Broadcom Advantage Data Transport, Broadcom Brightstor Portal, Broadcom Brightstor San Manager, Broadcom Cleverpath Aion, Broadcom Cleverpath Ecm.