Vulnerability Name: CVE-2007-0060 (CCN-32234)
Assigned: 2007-07-24
Published: 2007-07-24
Updated: 2021-04-14
Summary: Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network; Attack Complexity (AC): Low; Privileges Required (PR): None; User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High; Integrity (I): High; Availability (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Medium; Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
7.4 High (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network; Access Complexity (AC): Low; Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete; Integrity (I): Complete; Availability (A): Complete
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: MITRE | Type: CNA | CVE-2007-0060
Source: CCN | Type: SA26190 | CA Message Queuing Server Buffer Overflow Vulnerability
Source: SECUNIA | Type: Third Party Advisory | 26190
Source: CCN | Type: SECTRACK ID: 1018449 | eTrust Admin Buffer Overflow in Message Queuing Component Lets Remote Users Execute Arbitrary Code
Source: CCN | Type: CA SupportConnect July 24th, 2007 | Security Notice for CA Message Queuing (CAM / CAFT) vulnerability
Source: CONFIRM | Type: Vendor Advisory | http://supportconnectw.ca.com/public/dto_transportit/infodocs/camsgquevul-secnot.asp
Source: CONFIRM | Type: Vendor Advisory | http://www.ca.com/us/securityadvisor/newsinfo/collateral.aspx?cid=149809
Source: CCN | Type: IBM Internet Security Systems Protection Advisory July 24, 2007 | CA Message Queuing Server (Cam.exe) Overflow
Source: ISS | Type: Broken Link | 20070724 CA Message Queuing Server (Cam.exe) Overflow
Source: CCN | Type: OSVDB ID: 38598 | CA Multiple Products Message Queuing Server (Cam.exe) Remote Overflow
Source: BUGTRAQ | Type: UNKNOWN | 20070725 [CAID 35527]: CA Message Queuing (CAM / CAFT) Buffer Overflow Vulnerability
Source: BID | Type: Third Party Advisory, VDB Entry | 25051
Source: CCN | Type: BID-25051 | Computer Associates Multiple Products Message Queuing Remote Stack Buffer Overflow Vulnerability
Source: SECTRACK | Type: Third Party Advisory, VDB Entry | 1018449
Source: VUPEN | Type: Third Party Advisory | ADV-2007-2638
Source: XF | Type: Third Party Advisory, VDB Entry | systems-management-bo(32234)
Source: XF | Type: UNKNOWN | systems-management-bo(32234)
Vulnerable Configuration:
Configuration 1 (entries joined by OR):
cpe:/a:broadcom:advantage_data_transport:3.0:*:*:*:*:*:*:*
cpe:/a:broadcom:brightstor_portal:11.1:*:*:*:*:*:*:*
cpe:/a:broadcom:brightstor_san_manager:11.1:*:*:*:*:*:*:*
cpe:/a:broadcom:brightstor_san_manager:11.5:*:*:*:*:*:*:*
cpe:/a:broadcom:cleverpath_aion:10.0:*:*:*:*:*:*:*
cpe:/a:broadcom:cleverpath_ecm:3.5:*:*:*:*:*:*:*
cpe:/a:broadcom:cleverpath_olap:5.1:*:*:*:*:*:*:*
cpe:/a:broadcom:cleverpath_predictive_analysis_server:2.0:*:*:*:*:*:*:*
cpe:/a:broadcom:cleverpath_predictive_analysis_server:3.0:*:*:*:*:*:*:*
cpe:/a:broadcom:etrust_admin:8.0:*:*:*:*:*:*:*
cpe:/a:broadcom:etrust_admin:8.1:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_application_performance_monitor:3.0:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_application_performance_monitor:3.5:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_asset_management:3.1:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_asset_management:3.2:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_asset_management:3.2:sp1:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_asset_management:3.2:sp2:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_asset_management:4.0:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_data_transport_option:2.0:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_jasmine:3.0:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_nsm_wireless_network_management_option:3.0:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_remote_control:6.0:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_remote_control:6.0:sp1:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_service_level_management:3.0:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_service_level_management:3.0.1:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_service_level_management:3.0.2:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_service_level_management:3.5:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_software_delivery:3.0:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_software_delivery:3.1:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_software_delivery:3.1:sp1:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_software_delivery:3.1:sp2:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_software_delivery:4.0:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_tng:2.1:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_tng:2.2:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_tng:2.4:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_tng:2.4.2:*:*:*:*:*:*:*
cpe:/a:ca:etrust_admin:2.1:*:*:*:*:*:*:*
cpe:/a:ca:etrust_admin:2.4:*:*:*:*:*:*:*
cpe:/a:ca:etrust_admin:2.7:*:*:*:*:*:*:*
cpe:/a:ca:etrust_admin:2.9:*:*:*:*:*:*:*
cpe:/a:ca:unicenter_asset_management:4.0:sp1:*:*:*:*:*:*
cpe:/a:ca:unicenter_enterprise_job_manager:1.0:sp1:*:*:*:*:*:*
cpe:/a:ca:unicenter_enterprise_job_manager:1.0:sp2:*:*:*:*:*:*
cpe:/a:ca:unicenter_management:4.0:*:lotus_notes_domino:*:*:*:*:*
cpe:/a:ca:unicenter_management:4.0:*:microsoft_exchange:*:*:*:*:*
cpe:/a:ca:unicenter_management:4.1:*:microsoft_exchange:*:*:*:*:*
cpe:/a:ca:unicenter_management:5.0:*:web_servers:*:*:*:*:*
cpe:/a:ca:unicenter_management:5.0.1:*:web_servers:*:*:*:*:*
cpe:/a:ca:unicenter_software_delivery:4.0:sp1:*:*:*:*:*:*
cpe:/a:ca:unicenter_tng:2.2:*:*:ja:*:*:*:*
Configuration CCN 1 (entries joined by OR):
cpe:/a:broadcom:unicenter_tng:2.1:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_tng:2.4:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_tng:2.4.2:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_remote_control:6.0:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_asset_management:4.0:*:*:*:*:*:*:*
cpe:/a:broadcom:advantage_data_transport:3.0:*:*:*:*:*:*:*
cpe:/a:broadcom:brightstor_san_manager:11.1:*:*:*:*:*:*:*
cpe:/a:broadcom:brightstor_portal:11.1:*:*:*:*:*:*:*
cpe:/a:broadcom:cleverpath_olap:5.1:*:*:*:*:*:*:*
cpe:/a:broadcom:cleverpath_ecm:3.5:*:*:*:*:*:*:*
cpe:/a:broadcom:cleverpath_predictive_analysis_server:2.0:*:*:*:*:*:*:*
cpe:/a:broadcom:cleverpath_predictive_analysis_server:3.0:*:*:*:*:*:*:*
cpe:/a:broadcom:cleverpath_aion:10.0:*:*:*:*:*:*:*
cpe:/a:broadcom:etrust_admin:2.01:*:*:*:*:*:*:*
cpe:/a:broadcom:etrust_admin:2.04:*:*:*:*:*:*:*
cpe:/a:broadcom:etrust_admin:2.07:*:*:*:*:*:*:*
cpe:/a:broadcom:etrust_admin:2.09:*:*:*:*:*:*:*
cpe:/a:broadcom:etrust_admin:8.0:*:*:*:*:*:*:*
cpe:/a:broadcom:etrust_admin:8.1:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_application_performance_monitor:3.0:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_application_performance_monitor:3.5:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_asset_management:3.1:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_asset_management:3.2:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_asset_management:3.2:sp1:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_asset_management:3.2:sp2:*:*:*:*:*:*
cpe:/a:ca:unicenter_asset_management:4.0:sp1:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_data_transport_option:2.0:*:*:*:*:*:*:*
cpe:/a:ca:unicenter_enterprise_job_manager:1.0:sp1:*:*:*:*:*:*
cpe:/a:ca:unicenter_enterprise_job_manager:1.0:sp2:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_jasmine:3.0:*:*:*:*:*:*:*
cpe:/a:ca:unicenter_nsm:3.0:*:*:*:*:*:*:*
cpe:/a:ca:unicenter_nsm:3.1:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_nsm_wireless_network_management_option:3.0:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_remote_control:6.0:sp1:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_service_level_management:3.0:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_software_delivery:3.1:sp1:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_software_delivery:3.1:sp2:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_software_delivery:4.0:*:*:*:*:*:*:*
cpe:/a:ca:unicenter_software_delivery:4.0:sp1:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_service_level_management:3.0.2:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_service_level_management:3.5:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_software_delivery:3.0:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_software_delivery:3.1:*:*:*:*:*:*:*
cpe:/a:broadcom:brightstor_san_manager:11.5:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_tng:2.2:*:*:*:*:*:*:*
cpe:/a:broadcom:unicenter_service_level_management:3.0.1:*:*:*:*:*:*:*
broadcom advantage data transport 3.0
broadcom brightstor portal 11.1
broadcom brightstor san manager 11.1
broadcom brightstor san manager 11.5
broadcom cleverpath aion 10.0
broadcom cleverpath ecm 3.5
broadcom cleverpath olap 5.1
broadcom cleverpath predictive analysis server 2.0
broadcom cleverpath predictive analysis server 3.0
broadcom etrust admin 8.0
broadcom etrust admin 8.1
broadcom unicenter application performance monitor 3.0
broadcom unicenter application performance monitor 3.5
broadcom unicenter asset management 3.1
broadcom unicenter asset management 3.2
broadcom unicenter asset management 3.2 sp1
broadcom unicenter asset management 3.2 sp2
broadcom unicenter asset management 4.0
broadcom unicenter data transport option 2.0
broadcom unicenter jasmine 3.0
broadcom unicenter network and systems management 3.0
broadcom unicenter network and systems management 3.1
broadcom unicenter nsm wireless network management option 3.0
broadcom unicenter remote control 6.0
broadcom unicenter remote control 6.0 sp1
broadcom unicenter service level management 3.0
broadcom unicenter service level management 3.0.1
broadcom unicenter service level management 3.0.2
broadcom unicenter service level management 3.5
broadcom unicenter software delivery 3.0
broadcom unicenter software delivery 3.1
broadcom unicenter software delivery 3.1 sp1
broadcom unicenter software delivery 3.1 sp2
broadcom unicenter software delivery 4.0
broadcom unicenter tng 2.1
broadcom unicenter tng 2.2
broadcom unicenter tng 2.4
broadcom unicenter tng 2.4.2
ca etrust admin 2.1
ca etrust admin 2.4
ca etrust admin 2.7
ca etrust admin 2.9
ca unicenter asset management 4.0 sp1
ca unicenter enterprise job manager 1.0 sp1
ca unicenter enterprise job manager 1.0 sp2
ca unicenter management 4.0
ca unicenter management 4.0
ca unicenter management 4.1
ca unicenter management 5.0
ca unicenter management 5.0.1
ca unicenter software delivery 4.0 sp1
ca unicenter tng 2.2
ca unicenter tng 2.1
ca unicenter tng 2.4
ca unicenter tng 2.4.2
ca unicenter remote control 6.0
ca unicenter asset management 4.0
ca advantage data transport 3.0
ca brightstor san manager 11.1
ca brightstor portal 11.1
ca cleverpath olap 5.1
ca cleverpath ecm 3.5
ca cleverpath predictive analysis server 2.0
ca cleverpath predictive analysis server 3.0
ca cleverpath aion 10.0
ca etrust admin 2.01
ca etrust admin 2.04
ca etrust admin 2.07
ca etrust admin 2.09
ca etrust admin 8.0
ca etrust admin 8.1
ca unicenter application performance monitor 3.0
ca unicenter application performance monitor 3.5
ca unicenter asset management 3.1
ca unicenter asset management 3.2
ca unicenter asset management 3.2 sp1
ca unicenter asset management 3.2 sp2
ca unicenter asset management 4.0 sp1
ca unicenter data transport option 2.0
ca unicenter enterprise job manager 1.0 sp1
ca unicenter enterprise job manager 1.0 sp2
ca unicenter jasmine 3.0
ca unicenter nsm 3.0
ca unicenter nsm 3.1
ca unicenter nsm wireless network management option 3.0
ca unicenter remote control 6.0 sp1
ca unicenter service level management 3.0
ca unicenter software delivery 3.1 sp1
ca unicenter software delivery 3.1 sp2
ca unicenter software delivery 4.0
ca unicenter software delivery 4.0 sp1
ca unicenter service level management 3.0.2
ca unicenter service level management 3.5
ca unicenter software delivery 3.0
ca unicenter software delivery 3.1
ca brightstor san manager 11.5
ca unicenter tng 2.2
ca unicenter service level management 3.0.1