| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <50CA915430EBF44B87ADE2DCE06A2CBD78F46E1A@usilms114b.ca.com> Date: Tue, 28 May 2013 23:30:43 +0000 From: "Kotas, Kevin J" <Kevin.Kotas@...com> To: "'full-disclosure@...ts.grok.org.uk' (full-disclosure@...ts.grok.org.uk)" <full-disclosure@...ts.grok.org.uk> Subject: CA20130528-01: Security Notice for CA Process Automation (CA PAM) -----BEGIN PGP SIGNED MESSAGE----- CA20130528-01: Security Notice for CA Process Automation (CA PAM) Issued: May 28, 2013 CA Technologies support is alerting customers to a vulnerability with CA Process Automation (CA PAM). The vulnerability, CVE-2010-1871, occurs in the bundled JBoss Seam component. A remote attacker can execute arbitrary code. Risk Rating High Platform All supported platforms Affected Products CA Process Automation 4.0 CA Process Automation 4.0 SP1 CA Process Automation 4.1 CA Process Management for Workflows 4.0 SP1 CA Process Management for Workflows 4.1 CA Technologies products that bundle this software include: CA IT Asset Manager 12.8 CA Server Automation 12.7.1 CA Server Automation 12.8 CA Service Catalog 12.8 CA Service Desk Manager 12.5 CA Service Desk Manager 12.6 CA Service Desk Manager 12.7 How to determine if the installation is affected To determine whether the Seam component is installed and enabled, check for the following files. If the files are present, then the installation may be vulnerable. Directory File <PAM_Home>\server\c2o\deployers seam.deployer <PAM_Home>\server\c2o\deployers webbeans.deployer <PAM_Home>\server\c2o\deploy admin-console.war Solution CA Technologies issued the following remediation to address the vulnerability. For Process Automation 4.0, 4.0 SP1, 4.1 and Process Management for Workflows 4.0 SP1, 4.1: Apply the manual remediation steps described in TEC591669. References CVE-2010-1871 CA20130528-01: Security Notice for CA Process Automation (CA PAM) https://support.ca.com/irj/portal/anonymous/phpsbpldgpg Version 1.0: Initial Release If additional information is required, please contact CA Technologies Support at http://support.ca.com/ If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team: https://support.ca.com/irj/portal/anonymous/phpsbpldgpg Regards, Kevin Kotas Director, CA Technologies Product Vulnerability Response Team Copyright (c) 2013 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies. -----BEGIN PGP SIGNATURE----- Charset: utf-8 wsBVAwUBUaU4FZI1FvIeMomJAQGkgQf+KMl2ia2Wn15Mgd4wpC0pyMelgV5zepEv zrs5XWIZcMmVughDOPh3Sn0sfGD50+SjkTJOX6T4pUFKa+GMt0KEjvxDEUoP663z 5N7Kj74049STpcofkSq8Rr9UtIGl6//pvP6EVhdhrl65ZEnmyITmsd6jNLvALmL7 EQEyTFwJfAt6zT4hSX3wFO95pozvsGNOQElJnoZcrjPK71EgMXdHJtERHqIxCeKQ A1d0oWjtQsk5IeCOi79gH2PlIYUt5oWfnrhZqzQ9sYV7u90LKHQzNwKLCbqIrZE3 RQiY1BeQAKXSKd/nrCYDaH8TWBxdpnH28AeHX6zJTAHovzAQVHRDLg== =9l+r -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists