| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <D7DDF83751235046BFAC82E1244EB4C808E10E72@usilms23.ca.com>
Date: Wed Oct 19 18:36:10 2005
From: James.Williams at ca.com (Williams, James K)
Subject: cacam_logsecurity_win32 exploit published on
20051018 by Metasploit
FYI...
CA has confirmed that the cacam_logsecurity_win32.pm
exploit released on 20051018 by Metasploit targets an
issue that CA had previously discovered during an
internal audit. We posted patches and public
advisories on August 19, 2005.
References:
(URLs may wrap)
CA SupportConnect advisory:
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.a
sp
CA public advisory sent to security mailing lists, web sites:
http://marc.theaimsgroup.com/?l=bugtraq&m=112475767805818&w=2
CA Security Advisor site: CAID 32919 - Computer Associates
Message Queuing (CAM/CAFT) multiple vulnerabilities
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919
CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2667
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2668
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2669
OSVDB:
http://osvdb.org/18915
http://osvdb.org/18916
http://osvdb.org/18917
Metasploit exploit:
http://metasploit.com/projects/Framework/exploits.html#cacam_logsecurity
_win32
Note that our CAM code no longer contains a "log_security()"
function.
Please contact us at vuln@...com if you have any
questions or concerns.
Regards,
kw
Ken Williams ; Dir. Vuln Research
Computer Associates ; 0xE2941985
Powered by blists - more mailing lists