-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CA20140218-01: Security Notice for CA 2E Web Option
Issued: February 18, 2014
CA Technologies Support is alerting customers to a potential risk in
CA 2E Web Option (C2WEB). A vulnerability exists that can allow an
attacker to exploit an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Date: Wed, 12 Feb 2014 15:59:34 -
From: Portcullis Advisories advisor...@portcullis-security.com
[snip]
Vulnerability title: Unauthenticated Privilege Escalation in CA
2E Web Option
CVE: CVE-2014-1219
Vendor: CA
Product: 2E Web Option
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CA20121220-01: Security Notice for CA IdentityMinder
Issued: December 20, 2012
Updated: January 18, 2013
CA Technologies Support is alerting customers to two potential risks in CA
IdentityMinder (formerly known as CA Identity Manager). Two
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CA20121220-01: Security Notice for CA IdentityMinder
Issued: December 20, 2012
CA Technologies Support is alerting customers to two potential risks in CA
IdentityMinder (formerly known as CA Identity Manager). Two
vulnerabilities exist that can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CA20121001-01: Security Notice for CA License
Issued: October 01, 2012
CA Technologies Support is alerting customers to two potential risks in CA
License (also known as CA Licensing). Vulnerabilities exist that can
allow a local attacker to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CA20111208-01: Security Notice for CA SiteMinder
Issued: December 08, 2011
Updated: August 22, 2012
CA Technologies Support is alerting customers to a potential risk in
CA SiteMinder, CA Federation Manager, CA SOA Security Manager, CA
SiteMinder
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CA20111208-01: Security Notice for CA SiteMinder
Issued: December 08, 2011
CA Technologies Support is alerting customers to a potential risk in
CA SiteMinder. A vulnerability exists that can allow a malicious user
to execute a reflected cross site
CA20110809-01: Security Notice for CA ARCserve D2D
Issued: August 9, 2011
CA Technologies support is alerting customers to a security risk
associated with CA ARCserve D2D. A vulnerability exists that can
allow a remote attacker to access credentials and execute arbitrary
commands. CA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CA20110420-01: Security Notice for CA SiteMinder
Issued: April 20, 2011
Updated: May 19, 2011
CA Technologies support is alerting customers to a security risk
associated with CA SiteMinder. A vulnerability exists that can allow a
malicious
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CA20110420-02: Security Notice for CA Output Management Web Viewer
Issued: April 20, 2011
CA Technologies support is alerting customers to security risks
associated with CA Output Management Web Viewer. Two vulnerabilities
exist that can allow
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CA20110420-01: Security Notice for CA SiteMinder
Issued: April 20, 2011
CA Technologies support is alerting customers to a security risk
associated with CA SiteMinder. A vulnerability exists that can allow a
malicious user to impersonate
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention
System
Issued: February 23, 2011
Updated: February 24, 2011
CA Technologies support is alerting customers to a security risk
associated with CA Host-Based Intrusion Prevention
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CA20101231-01: Security Notice for CA ARCserve D2D
Issued: December 31, 2010
Last Updated: January 26, 2011
CA Technologies support is alerting customers to a security risk with
CA ARCserve D2D. A vulnerability exists that can allow a remote
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CA20101231-01: Security Notice for CA ARCserve D2D
Issued: December 31, 2010
CA Technologies support is alerting customers to a security risk with CA
ARCserve D2D. A vulnerability exists that can allow a remote attacker to
execute arbitrary code.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CA20100304-01: Security Notice for CA SiteMinder
Issued: March 04, 2010
CA's support is alerting customers to a security risk with CA
SiteMinder. Multiple cross site scripting (XSS) vulnerabilities
exist that can allow a remote attacker to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CA20091008-01: Security Notice for CA Anti-Virus Engine
Issued: October 8, 2009
CA's support is alerting customers to multiple security risks
associated with CA Anti-Virus Engine. Vulnerabilities exist in
the arclib component that can allow a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CA20090615-01: CA ARCserve Backup Message Engine Denial of
Service Vulnerabilities
CA Advisory Reference: CA20090615-01
CA Advisory Date: 2009-06-15
Reported By: iViZ Security Research Team
Impact: A remote attacker can cause a denial
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CA20090615-02: CA Service Desk Tomcat Cross Site Scripting
Vulnerability
CA Advisory Reference: CA20090615-02
CA Advisory Date: 2009-06-15
Impact: A remote attacker can inject arbitrary web script or HTML.
Summary: The release of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CA20090429-01: CA ARCserve Backup Apache HTTP Server
Multiple Vulnerabilities
CA Advisory Reference: CA20090429-01
CA Advisory Date: 2009-04-29
Reported By:
Apache Software Foundation
David Endler of iDefense
Ulf Harnhammar for SITIC,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CA20090126-01: CA Anti-Virus Engine Detection Evasion
Multiple Vulnerabilities
CA Advisory Reference: CA20090126-01
CA Advisory Date: 2009-01-26
Reported By:
Thierry Zoller and Sergio Alvarez of n.runs AG
Impact: A remote attacker can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
CA Advisory Reference: CA20090123-01
CA Advisory Date: 2009-01-23
Reported By: n/a
Impact: Refer to the CVE identifiers for details.
Summary: Multiple security risks exist in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities
CA Advisory Reference: CA20090123-01
CA Advisory Date: 2009-01-23
Reported By: n/a
Impact: A remote attacker can execute arbitrary commands.
Summary: Multiple security risks
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CA ARCserve Backup LDBserver Vulnerability
CA Advisory Date: 2008-12-10
Reported By:
Dyon Balding of Secunia Research
Impact: A remote attacker can cause a denial of service or execute
arbitrary code.
Summary: CA ARCserve Backup
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CA ARCserve Backup Multiple Vulnerabilities
CA Advisory Date: 2008-10-09
Reported By:
Haifei Li of Fortinet's FortiGuard Global Security Research Team
Vulnerability Research Team of Assurent Secure Technologies, a
TELUS Company
Greg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CA Service Desk Multiple Cross-Site Scripting
Vulnerabilities
CA Advisory Date: 2008-09-24
Reported By:
Open Security Foundation
Impact: A remote attacker can conduct cross-site scripting attacks.
Summary: CA Service Desk contains
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CA Host-Based Intrusion Prevention System SDK kmxfw.sys
Multiple Vulnerabilities
CA Advisory Date: 2008-08-11
Reported By:
CVE-2008-2926 - Tobias Klein
CVE-2008-3174 - Elazar Broad
Impact: A remote attacker can cause a denial of service
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CA Products That Embed Ingres Multiple Vulnerabilities
CA Advisory Date: 2008-08-01
Reported By: iDefense Labs
Impact: A remote attacker can execute arbitrary code, gain
privileges, or cause a denial of service condition.
Summary: CA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CA ARCserve Backup for Laptops and Desktops Server LGServer
Service Vulnerability
CA Advisory Date: 2008-07-31
Reported By: Vulnerability Research Team of Assurent Secure
Technologies, a TELUS Company
Impact: A remote attacker can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CA ARCserve Backup Discovery Service Denial of Service
Vulnerability
CA Advisory Date: 2008-06-17
Reported By: Luigi Auriemma
Impact: A remote attacker can cause a denial of service.
Summary: CA ARCserve Backup contains a vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CA Secure Content Manager HTTP Gateway Service FTP Request
Vulnerabilities
CA Advisory Date: 2008-06-03
Reported By: Sebastian Apelt working with ZDI/TippingPoint
Cody Pierce, TippingPoint DVLabs
Impact: A remote attacker
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CA DSM gui_cm_ctrls ActiveX Control Vulnerability
CA Advisory Date: 2008-04-15
Reported By: Greg Linares of eEye Digital Security
Impact: A remote attacker can execute arbitrary code or cause a
denial of service condition.
Summary: CA
Title: CA ARCserve Backup for Laptops and Desktops Server and CA
Desktop Management Suite Multiple Vulnerabilities
CA Advisory Date: 2008-04-03
Reported By: Dyon Balding of Secunia Research
Impact: A remote attacker can execute arbitrary code or cause a
denial of service condition.
Summary:
Title: CA Multiple Products DSM ListCtrl ActiveX Control Buffer
Overflow Vulnerability
CVE: CVE-2008-1472
CA Advisory Date: 2008-03-28
Reported By: Exploit code posted at milw0rm.com
Impact: A remote attacker can cause a denial of service or execute
arbitrary code.
Summary: CA products
CA is reviewing exploit code that was posted on 2008-03-16 to the
Milw0rm exploit archive web site. This exploit code is
potentially associated with vulnerabilities that may exist in CA
BrightStor ARCserve Backup for Laptops and Desktops and/or related
products. CA will issue an advisory
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 35970]: CA Products That Embed Ingres Authentication
Vulnerability
CA Vuln ID (CAID): 35970
CA Advisory Date: 2007-12-19
Reported By: Ingres Corporation
Impact: Attacker can gain elevated privileges.
Summary: A potential
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup
Multiple Vulnerabilities
CA Vuln ID (CAID): 35724, 35725, 35726
CA Advisory Date: 2007-10-10
CA Advisory Updated: 2007-12-05
Reported By:
Anonymous researcher working with the
Date: Wed, 28 Nov 2007 03:32:51 +
From: cocoruder. [EMAIL PROTECTED]
Subject: Re: [Full-disclosure] ZDI-07-069: CA BrightStor
ARCserve Backup Message Engine Insecure Method Expos
To: full-disclosure@lists.grok.org.uk, [EMAIL PROTECTED]
it is so amazing that the vendor's
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 35754]: CA Host-Based Intrusion Prevention System
(CA HIPS) Server Vulnerability
CA Vuln ID (CAID): 35754
CA Advisory Date: 2007-10-18
Reported By: David Maciejak
Impact: A remote attacker can take unauthorized administrative
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 35724, 35725, 35726]: CA BrightStor ARCserve Backup
Multiple Vulnerabilities
CA Vuln ID (CAID): 35724, 35725, 35726
CA Advisory Date: 2007-10-10
Reported By:
Anonymous researcher working with the iDefense VCP (CVE-2007-5325)
Dyon
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 35690, 35691, 35692]: CA BrightStor Hierarchical
Storage Manager CsAgent Multiple Vulnerabilities
CA Vuln ID (CAID): 35690, 35691, 35692
CA Advisory Date: 2007-09-26
Reported By: Sean Larsson, iDefense Labs
anonymous
-Original Message-
From: Williams, James K
Sent: Tuesday, July 24, 2007 7:56 PM
To: 'full-disclosure@lists.grok.org.uk'
Subject: [CAID 35525, 35526]: CA Products Arclib Library
Denial of Service Vulnerabilities
Title: [CAID 35525, 35526]: CA Products Arclib Library Denial
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 35527]: CA Message Queuing (CAM / CAFT) Buffer
Overflow Vulnerability
CA Vuln ID (CAID): 35527
CA Advisory Date: 2007-07-24
Reported By: Paul Mehta of ISS X-Force
Impact: A remote attacker can execute arbitrary code.
Summary:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 35524]: eTrust Intrusion Detection caller.dll
Vulnerability
CA Vuln ID (CAID): 35524
CA Advisory Date: 2007-07-24
Reported By: Sebastian Apelt working with the iDefense VCP
Impact: A remote attacker can execute arbitrary code.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 35525, 35526]: CA Products Arclib Library Denial of
Service Vulnerabilities
CA Vuln ID (CAID): 35525, 35526
CA Advisory Date: 2007-07-24
Reported By:
CVE-2006-5645 - Titon of BastardLabs and Damian Put
pucik at overflow dot pl
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 35515]: CA Products Alert Service RPC Procedure
Buffer Overflow Vulnerabilities
CA Vuln ID (CAID): 35515
CA Advisory Date: 2007-07-17
Reported By: Anonymous researcher working with the iDefense VCP
Impact: Remote attacker can cause a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 35450, 35451, 35452, 35453]: CA Products That Embed
Ingres Multiple Vulnerabilities
CA Vuln ID (CAID): 35450, 35451, 35452, 35453
CA Advisory Date: 2007-06-21
Reported By: NGSSoftware, and iDefense
Impact: Attackers can potentially
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 35395, 35396]: CA Anti-Virus Engine CAB File Buffer
Overflow Vulnerabilities
CA Vuln ID (CAID): 35395, 35396
CA Advisory Date: 2007-06-05
Reported By: ZDI
Impact: Remote attackers can cause a denial of service or
potentially execute
Title: CA BrightStor ARCserve Backup Mediasvr.exe and
caloggerd.exe Vulnerabilities
Notice Date: 2007-05-16
CA is aware that two functional exploit code samples were
publicized on May 16, 2007. These two denial of service exploits
are associated with vulnerabilities in CA BrightStor ARCserve
Title: [CAID 35330, 35331]: CA Anti-Virus, CA Threat Manager, and
CA Anti-Spyware Console Login and File Mapping Vulnerabilities
CA Vuln ID (CAID): 35330, 35331
CA Advisory Date: 2007-05-09
Reported By: ZDI, iDefense
Impact: Attackers can cause a denial of service or potentially
execute
Title: [CAID 35198, 35276]: CA BrightStor ARCserve Backup Media
Server Vulnerabilities
CA Vuln ID (CAID): 35198, 35276
CA Advisory Date: 2007-04-24
Reported By: ZDI
Impact: Remote attackers can cause a denial of service or
potentially execute arbitrary code.
Summary: CA BrightStor ARCserve
Title: [CAID 35277]: CA CleverPath Portal SQL Injection
Vulnerability
CA Vuln ID (CAID): 35277
CA Advisory Date: 2007-04-24
Reported By: Hacktics Ltd
Impact: Local attacker can access confidential data.
Summary: CA CleverPath Portal contains a vulnerability that can
allow a local attacker
CA is aware that functional exploit code was publicized on
March 30, 2007 for a CA BrightStor ARCserve Backup Mediasvr.exe
vulnerability.
We have verified that a high risk vulnerability does exist and we
are now working on a patch to address the issue.
CA recommends that BrightStor
Title: [CAID 34817, 35058, 35158, 35159]: CA BrightStor ARCserve
Backup Tape Engine and Portmapper Vulnerabilities
CA Vuln ID (CAID): 34817, 35058, 35158, 35159
CA Advisory Date: 2007-03-15
Reported By: McAfee
Impact: Remote attackers can cause a denial of service or
potentially execute
Title: [CAID 35145]: CA eTrust Admin Privilege Escalation
Vulnerability
CA Vuln ID (CAID): 35145
CA Advisory Date: 2007-03-08
Impact: Attackers can gain escalated privileges.
Summary: The CA eTrust Admin GINA component contains a privilege
escalation vulnerability within the reset password
Title: [CAID 35112]: CA eTrust Intrusion Detection Denial of Service
Vulnerability
CA Vuln ID (CAID): 35112
CA Advisory Date: 2007-02-27
Reported By: iDefense
Impact: Remote attackers can cause a denial of service condition.
Summary: CA eTrust Intrusion Detection contains a vulnerability
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 34993]: CA BrightStor ARCserve Backup for Laptops and
Desktops Multiple Overflow Vulnerabilities
CA Vuln ID (CAID): 34993
CA Advisory Date: 2007-01-23
Discovered By: Next Generation Security Software
Impact: Remote attacker can
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 34818]: CA Personal Firewall Multiple Privilege
Escalation Vulnerabilities
CA Vuln ID (CAID): 34818
CA Advisory Date: 2007-01-22
Discovered By: Reverse Mode
Impact: Local attacker can gain escalated privileges.
Summary: Multiple
[Full-disclosure] CA BrightStor ARCserve Backup Tape Engine
Exploit Security Notice
TheGesus thegesus at gmail.com
Wed Jan 10 16:38:47 GMT 2007
On 1/9/07, Williams, James K James.Williams at ca.com wrote:
[...]
CA BrightStor ARCserve Backup Tape Engine Exploit Security
Notice
CA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: [CAID 34955, 34956, 34957, 34958, 34959, 34817]: BrightStor
ARCserve Backup Multiple Overflow Vulnerabilities
CA Vuln ID (CAID): 34955, 34956, 34957, 34958, 34959, 34817
CA Advisory Date: 2007-01-11
Discovered By: TippingPoint, IBM ISS,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
CA BrightStor ARCserve Backup Tape Engine Exploit Security Notice
CA is aware that exploit code for a vulnerability in the Tape
Engine component of CA BrightStor ARCserve Backup was posted on
several security web sites and mailing lists on
Title: CAID 34876: CA CleverPath Portal Session Inheritance
Vulnerability
CA Vulnerability ID (CAID): 34876
CA Advisory Date: 2006-12-19
Discovered By: CA customer and CA Technical Support
Impact: Remote attackers can potentially gain access to a user's
Portal session.
Summary: CA
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CAID 34870: CA Anti-Virus vetfddnt.sys, vetmonnt.sys Local
Denial of Service Vulnerabilities
CA Vulnerability ID (CAID): 34870
CA Advisory Date: 2006-12-13
Discovered By: Rubén Santamarta (reversemode.com)
Impact: Local unprivileged
[Full-disclosure] LS-20061001 - Computer Associates BrightStor
ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability
advisories at lssec.com advisories at lssec.com
Fri Dec 8 21:40:47 GMT 2006
LS-20061001
[...]
Technical details:
http://www.lssec.com/advisories.html
LSsecurity
[Full-disclosure] LS-20060908 - Computer Associates BrightStor
ARCserve Backup v11.5 Remote Buffer Overflow Vulnerability
advisories at lssec.com advisories at lssec.com
Fri Dec 8 21:39:31 GMT 2006
LS-20060908
[...]
Technical details:
http://www.lssec.com/advisories.html
LSsecurity
Title: CAID 34846: CA BrightStor ARCserve Backup Discovery Service
Buffer Overflow Vulnerability
CA Vulnerability ID (CAID): 34846
CA Advisory Date: 2006-12-07
Discovered By: Assurent Secure Technologies (assurent.com)
Impact: Remote attacker can execute arbitrary code.
Summary: CA
Our original fixes for the BrightStor ARCserve Backup
vulnerabilities that we publicly disclosed on 2006-10-05
(http://www3.ca.com/securityadvisor/blogs/posting.aspx?id=90744pid=93775date=2006/10)
did not completely resolve one of the vulnerabilities.
Consequently, we have released new fixes
Title: CAID 34693, 34694: CA BrightStor ARCserve Backup Multiple
Buffer Overflow Vulnerabilities
CA Vulnerability ID (CAID): 34693, 34694
CA Advisory Date: 2006-10-05
Discovered By: TippingPoint, www.zerodayinitiative.com
Impact: Remote attacker can execute arbitrary code.
Summary: CA
Title: CAID 34661: CA Unicenter WSDM File System Read Access
Vulnerability
CA Vulnerability ID (CAID): 34661
CA Advisory Date: 2006-10-03
Discovered By:
Oliver Karow, Symantec Security Consultant
oliver_karow at symantec dot com
Richard Sammet, Symantec Security Consultant
richard_sammet at
Title: CAID 34616, 34617, 34618: CA eTrust Security Command Center
and eTrust Audit vulnerabilities
CA Vulnerability ID (CAID): 34616, 34617, 34618
CA Advisory Date: 2006-09-20
Discovered By:
Patrick Webster of aushack.com
Impact: Remote attacker can read/delete files, or potentially
Title: CA eTrust Antivirus WebScan vulnerabilities
CA Vulnerability ID (CAID): 34509
CA Advisory Date: 2006-08-03
Discovered By:
Matt Murphy of the TippingPoint Security Research Team
Impact: Remote attacker can execute arbitrary code.
Summary: CA eTrust Antivirus WebScan is a free,
Title: CAID 34325 - CA ITM, eAV, ePP scan job description field format
string vulnerability
CA Vulnerability ID: 34325
CA Advisory Date: 2006-06-26
Discovered By: Deral Heiland (www.layereddefense.com)
Impact: Attackers can cause a denial of service condition or possibly
execute arbitrary
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Title: CAID 34013 - CA Common Services CAIRIM on z/OS LMP SVC
vulnerability
CA Vulnerability ID: 34013
CA Advisory Date: 2006-05-02
Discovered By: IBM Global Services
Impact: Local attacker can gain escalated privileges.
Summary:
A
Title: CAID 33581 - CA Message Queuing Denial of Service
Vulnerabilities
CA Vulnerability ID: 33581
CA Advisory Date: 2006-02-02
Discovered By: Nicolas Pouvesle of Tenable Network Security
Impact: Remote attacker can cause a denial of service condition.
Summary: The following two security
Please see below for important changes to CAID 33778.
Changelog is near end of advisory.
Regards,
Ken Williams
Title: CAID 33778 - CA iGateway Content-Length Buffer Overflow
Vulnerability [v1.1]
CA Vulnerability ID: 33778
CA Advisory Date: 2006-01-23
Updated Advisory [v1.1]: 2006-01-26
Title: CAID 33778 - CA iGateway Content-Length Buffer Overflow
Vulnerability
CA Vulnerability ID: 33778
CA Advisory Date: 2006-01-23
Discovered By: Erika Mendoza reported this issue to iDefense.
Impact: Remote attacker can execute arbitrary code with SYSTEM
privileges.
Summary: The CA
Title: CAID 33756 - DM Deployment Common Component
Vulnerabilities
CA Vulnerability ID: 33756
Discovery Date: 2005-12-20
CA Advisory Date: 2006-01-17
Discovered By: Cengiz Aykanat (CA internal audit), and
Karma[at]DesignFolks[dot]com[dot]au.
Impact: Remote attacker can cause a denial of
Subject: Re: Multiple Vendor Anti-Virus Software Detection
Evasion Vulnerability through forged magic byte
From: Andrey Bayora andrey () securityelf ! org
Date: 2005-10-25 3:07:51
[...]
VULNERABLE vendors and software (tested):
[...]
3. eTrust CA (ver 7.0.1.4, engine 11.9.1, vir
Advisory has been updated to announce availability of iGateway
updates for all platforms.
Title: Computer Associates iGateway debug mode HTTP GET request
buffer overflow vulnerability (v1.1)
CA Vulnerability ID: 33485
Discovery Date: 2005-10-06
CA Advisory Date v1.0: 2005-10-14 (initial
List: full-disclosure
Subject: Re: [Full-disclosure] NUL Character Evasion
From: fd () ew ! nsci ! us
Date: 2005-09-15 19:57:30
On Thu, 15 Sep 2005, Williams, James K wrote:
List: full-disclosure
Subject: [Full-disclosure] NUL Character Evasion
From
List: full-disclosure
Subject: [Full-disclosure] NUL Character Evasion
From: ju () heisec ! de
Date: 2005-09-13 21:24:42
The Problem:
Internet Explorer ignores NUL characters
-- i.e. ascii characters with the value 0x00 -- most
security software does
Title: 32919 - Computer Associates Message Queuing (CAM/CAFT)
multiple vulnerabilities
CA Vulnerability ID: CAID 32919
Disclosure Date: 2005-08-19
Discovered By: CA internal audit
Impact: Remote attackers can execute arbitrary code, or cause a
denial of service condition.
Summary:
-Original Message-
From: Williams, James K
Sent: Tuesday, August 02, 2005 2:10 PM
To: 'full-disclosure@lists.grok.org.uk'
Subject: CAID 33239 - Computer Associates BrightStor
ARCserve/Enterprise Backup Agents buffer overflow vulnerability
List: full-disclosure
Subject: [Full-disclosure] SiteMinder Multiple Vulnerabilities
From: c0ntexb () gmail ! com
Date: 2005-07-08 14:08:53
Message-ID: df8ba96d050708070869551019 () mail ! gmail ! com
$ An open security advisory #10 - Siteminder v5.5 Vulnerabilities
List: full-disclosure
Subject: SiteMinder Multiple Vulnerabilities
From: c0ntex c0ntexb () gmail ! com
Date: 2005-07-08 14:08:53
$ An open security advisory #10 - Siteminder v5.5
Vulnerabilities
[...]
This issue is NOT present in out-of-the-box installations of
CAID 32896 - Computer Associates Vet Antivirus engine heap overflow
vulnerability
CA Vulnerability ID: 32896
Discovery Date: 2005/04/26
Discovered By: Alex Wheeler
Title:
Computer Associates Vet Antivirus engine heap overflow vulnerability
Impact:
Remote attackers can gain privileged
86 matches