Vulnerability Name: CVE-2005-2668 (CCN-21948)

Assigned: 2005-08-21
Published: 2005-08-21
Updated: 2021-04-14
Summary: Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.
CVSS v3 Severity: 9.3 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: CCN
Type: Full-Disclosure Mailing List, Tue Jan 17 2006 - 08:03:23 CST
DM Primer error handling weakness & an old CAM BO revisited

Source: MITRE
Type: CNA
CVE-2005-2668

Source: CCN
Type: SA16513
CA Various Products Message Queuing Vulnerabilities

Source: SECUNIA
Type: Third Party Advisory
16513

Source: CCN
Type: CA CA Message Queuing Security Notice August 19, 2005
Patches Are Now Available To Address CA Message Queuing Vulnerabilities

Source: CONFIRM
Type: Broken Link
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp

Source: CCN
Type: US-CERT VU#619988
Computer Associates Message Queuing software vulnerable to buffer overflows

Source: CERT-VN
Type: Third Party Advisory, US Government Resource
VU#619988

Source: OSVDB
Type: Broken Link
18916

Source: CCN
Type: OSVDB ID: 18916
CA Multiple Products Message Queuing (CAM/CAFT) Multiple Remote Overflows

Source: BID
Type: Patch, Third Party Advisory, VDB Entry
14622

Source: CCN
Type: BID-14622
Computer Associates Message Queuing Buffer Overflow Vulnerability

Source: VUPEN
Type: Third Party Advisory
ADV-2005-1482

Source: MISC
Type: Patch, Vendor Advisory
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919

Source: XF
Type: UNKNOWN
ca-message-queue-bo(21948)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:broadcom:advantage_data_transport:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:adviseit:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_portal:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_san_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_san_manager:1.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_san_manager:1.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_san_manager:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:cleverpath_aion:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:cleverpath_ecm:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:cleverpath_olap:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:cleverpath_predictive_analysis_server:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:cleverpath_predictive_analysis_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_admin:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_admin:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:messaging:1.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:messaging:1.7:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:messaging:1.11:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_application_performance_monitor:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_application_performance_monitor:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_asset_management:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_asset_management:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_asset_management:3.2:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_asset_management:3.2:sp2:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_asset_management:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_data_transport_option:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_jasmine:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_management_portal:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_management_portal:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_nsm_wireless_network_management_option:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_performance_management:2.4:sp3:openvms:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_remote_control:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_remote_control:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_service_level_management:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_service_level_management:3.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_service_level_management:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_service_level_management:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_software_delivery:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_software_delivery:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_software_delivery:3.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_software_delivery:3.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_software_delivery:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_tng:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_tng:2.2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_tng:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_tng:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_admin:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_admin:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_admin:2.7:*:*:*:*:*:*:*
  • OR cpe:/a:ca:etrust_admin:2.9:*:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_asset_management:4.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_enterprise_job_manager:1.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_enterprise_job_manager:1.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_management:3.5:*:websphere_mq:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_management:4.0:*:lotus_notes_domino:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_management:4.0:*:microsoft_exchange:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_management:4.1:*:microsoft_exchange:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_management:5.0:*:web_servers:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_management:5.0.1:*:web_servers:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_software_delivery:4.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_tng:2.2:*:*:ja:*:*:*:*

Configuration CCN 1:
  • cpe:/a:broadcom:unicenter_tng:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_tng:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_tng:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_remote_control:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_asset_management:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:adviseit:2.4:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:advantage_data_transport:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_san_manager:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_san_manager:1.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_san_manager:1.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_san_manager:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:brightstor_portal:11.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:cleverpath_olap:5.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:cleverpath_ecm:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:cleverpath_predictive_analysis_server:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:cleverpath_predictive_analysis_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:cleverpath_aion:10.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_admin:2.01:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_admin:2.04:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_admin:2.09:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_admin:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:etrust_admin:8.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_application_performance_monitor:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_application_performance_monitor:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_asset_management:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_asset_management:3.2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_asset_management:3.2:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_asset_management:3.2:sp2:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_asset_management:4.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_data_transport_option:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_enterprise_job_manager:1.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_enterprise_job_manager:1.0:sp2:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_jasmine:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_nsm:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_nsm:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_nsm_wireless_network_management_option:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_remote_control:6.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_service_level_management:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_software_delivery:3.1:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_software_delivery:3.1:sp2:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_software_delivery:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:ca:unicenter_software_delivery:4.0:sp1:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_performance_management:2.4:sp3:openvms:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_service_level_management:3.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_service_level_management:3.5:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_software_delivery:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_software_delivery:3.1:*:*:*:*:*:*:*
  • OR cpe:/a:broadcom:unicenter_tng:2.2:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    broadcom advantage data transport 3.0
    broadcom adviseit 2.4
    broadcom brightstor portal 11.1
    broadcom brightstor san manager 1.1
    broadcom brightstor san manager 1.1 sp1
    broadcom brightstor san manager 1.1 sp2
    broadcom brightstor san manager 11.1
    broadcom cleverpath aion 10.0
    broadcom cleverpath ecm 3.5
    broadcom cleverpath olap 5.1
    broadcom cleverpath predictive analysis server 2.0
    broadcom cleverpath predictive analysis server 3.0
    broadcom etrust admin 8.0
    broadcom etrust admin 8.1
    broadcom messaging 1.5
    broadcom messaging 1.7
    broadcom messaging 1.11
    broadcom unicenter application performance monitor 3.0
    broadcom unicenter application performance monitor 3.5
    broadcom unicenter asset management 3.1
    broadcom unicenter asset management 3.2
    broadcom unicenter asset management 3.2 sp1
    broadcom unicenter asset management 3.2 sp2
    broadcom unicenter asset management 4.0
    broadcom unicenter data transport option 2.0
    broadcom unicenter jasmine 3.0
    broadcom unicenter management portal 2.0
    broadcom unicenter management portal 3.1
    broadcom unicenter network and systems management 3.0
    broadcom unicenter network and systems management 3.1
    broadcom unicenter nsm wireless network management option 3.0
    broadcom unicenter performance management 2.4 sp3
    broadcom unicenter remote control 6.0
    broadcom unicenter remote control 6.0 sp1
    broadcom unicenter service level management 3.0
    broadcom unicenter service level management 3.0.1
    broadcom unicenter service level management 3.0.2
    broadcom unicenter service level management 3.5
    broadcom unicenter software delivery 3.0
    broadcom unicenter software delivery 3.1
    broadcom unicenter software delivery 3.1 sp1
    broadcom unicenter software delivery 3.1 sp2
    broadcom unicenter software delivery 4.0
    broadcom unicenter tng 2.1
    broadcom unicenter tng 2.2
    broadcom unicenter tng 2.4
    broadcom unicenter tng 2.4.2
    ca etrust admin 2.1
    ca etrust admin 2.4
    ca etrust admin 2.7
    ca etrust admin 2.9
    ca unicenter asset management 4.0 sp1
    ca unicenter enterprise job manager 1.0 sp1
    ca unicenter enterprise job manager 1.0 sp2
    ca unicenter management 3.5
    ca unicenter management 4.0
    ca unicenter management 4.0
    ca unicenter management 4.1
    ca unicenter management 5.0
    ca unicenter management 5.0.1
    ca unicenter software delivery 4.0 sp1
    ca unicenter tng 2.2
    ca unicenter tng 2.1
    ca unicenter tng 2.4
    ca unicenter tng 2.4.2
    ca unicenter remote control 6.0
    ca unicenter asset management 4.0
    ca adviseit 2.4
    ca advantage data transport 3.0
    ca brightstor san manager 1.1
    ca brightstor san manager 1.1 sp1
    ca brightstor san manager 1.1 sp2
    ca brightstor san manager 11.1
    ca brightstor portal 11.1
    ca cleverpath olap 5.1
    ca cleverpath ecm 3.5
    ca cleverpath predictive analysis server 2.0
    ca cleverpath predictive analysis server 3.0
    ca cleverpath aion 10.0
    ca etrust admin 2.01
    ca etrust admin 2.04
    ca etrust admin 2.09
    ca etrust admin 8.0
    ca etrust admin 8.1
    ca unicenter application performance monitor 3.0
    ca unicenter application performance monitor 3.5
    ca unicenter asset management 3.1
    ca unicenter asset management 3.2
    ca unicenter asset management 3.2 sp1
    ca unicenter asset management 3.2 sp2
    ca unicenter asset management 4.0 sp1
    ca unicenter data transport option 2.0
    ca unicenter enterprise job manager 1.0 sp1
    ca unicenter enterprise job manager 1.0 sp2
    ca unicenter jasmine 3.0
    ca unicenter nsm 3.0
    ca unicenter nsm 3.1
    ca unicenter nsm wireless network management option 3.0
    ca unicenter remote control 6.0 sp1
    ca unicenter service level management 3.0
    ca unicenter software delivery 3.1 sp1
    ca unicenter software delivery 3.1 sp2
    ca unicenter software delivery 4.0
    ca unicenter software delivery 4.0 sp1
    ca unicenter performance management 2.4 sp3
    ca unicenter service level management 3.0.2
    ca unicenter service level management 3.5
    ca unicenter software delivery 3.0
    ca unicenter software delivery 3.1
    ca unicenter tng 2.2