Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2011.1162 CA20111116-01: Security Notice for CA Directory 18 November 2011 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: CA Directory Publisher: Computer Associates Operating System: Windows UNIX variants (UNIX, Linux, OSX) Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2011-3849 Original Bulletin: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={286545DB-00B9-4B4C-8DE7-F00827F3CC75} - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- CA20111116-01: Security Notice for CA Directory Issued: November 16, 2011 CA Technologies Support is alerting customers to a potential risk with CA Directory. A vulnerability exists that can allow a remote attacker to cause a denial of service condition. Remediation is available to address the vulnerability. The vulnerability, CVE-2011-3849, occurs due to insufficient bounds checking. A remote attacker can send a SNMP packet that can cause a crash. Risk Rating High Platform All Affected Products CA Directory r12 SP1-SP7 CA Directory 8.1 CA products that bundle CA Directory with the installation media: CA Identity Manager CA SiteMinder CA Single Sign-On CA DLP CA Clarity PPM CA Embedded Entitlements Manager 8.4.409 (8.4 SP4 CR09) and prior Note: CA Embedded Entitlements Manager is distributed with the following products: CA Aion CA APM CA Asset Portfolio Management CA Audit CA Automation Suite for Data Centers CA Client Automation CA Configuration Automation CA Directory CA eHealth CA Infrastructure Management CA Introscope CA IT Asset Manager CA Process Automation CA Service Catalog CA Service Desk Manager CA Service Metric Analysis CA Service Operations Insight CA Software Compliance Manager CA User Activity Reporting Module CA Virtual Automation CA Virtual Automation for IM CA Workflow CA Workload Automation CA Workload Control Center Depending on how the individual product is implemented, CA Directory may or may not be used by default when CA Embedded Entitlements Manager is installed. If you have installed one of the products in this list, refer to the product's installation or implementation guide for specific details concerning CA Directory. Non-Affected Products CA Directory r12 SP7 CR1 and later CA Embedded Entitlements Manager r12 How to determine if the installation is affected CA Directory Verify the version of dxserver by running the command "dxserver version" on the command line. All versions prior to version 6279 are affected. CA Embedded Entitlements Manager See the Solution section to determine if the installation is vulnerable. Solution CA Directory For CA Directory, upgrade to SP7 CR1 (build 6279): CA Directory Solutions & Patches (url line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=3D%7 bED89688A-C7A2-4FE9-85D9-1272D345A658%7d CA Embedded Entitlements Manager For products that include CA Embedded Entitlements Manager 8.4.409 (8.4 SP4 CR09) and prior, use the following instructions to remediate the vulnerability: Steps to Secure EEM Servers with Directory SNMP Vulnerability (url line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=3D%7 b0C234958-A014-4435-9EA9-3A39F2866D48%7d Workaround The vulnerability is related to CA Directory parsing of SNMP packets. To mitigate the risk, the SNMP port can be disabled by removing the "set snmp-port" line from the DSA's knowledge configuration section. References CVE-2011-3849 - CA Directory denial of service CA20111116-01: Security Notice for CA Directory (url line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=3D%7 b286545DB-00B9-4B4C-8DE7-F00827F3CC75%7d Acknowledgement CVE-2011-3849 - nabCERT, National Australia Bank Change History Version 1.0: Initial Release If additional information is required, please contact CA Technologies Support at http://support.ca.com/ If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team: (url line wraps) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=3D17 7782 Regards, Kevin Kotas CA Product Vulnerability Response Team - -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBTsQmQZI1FvIeMomJAQEUeggArMki8ZvdQG4MCAq2Aqw5wBE6bFaFMoax 4oAo+E91TeOkDuh5UBXGlOj/aVmnvpw4PAFJGz5xjybrRRWBMocr7/pvGJ585WwO f/RcKZ5i/5TBvA2beOO/A0bxgP50/g3+T7kNePVc1F9Da6spnipeBwd0rzh+ermJ oRs2FbCJtuR1hdviqxdOAUNqCZqAcU4V1rKu5OVDgvu9uPRl6/H5vKO4ffKdzdrc Iefcob+aSnvNqoPQfBAlrbK+nNN3bHHfKXDD6X02Y/R9n1T1YJM4jeO4CIFQGN6i /MDJ3VKKiflxMeezJJgs3SkByAwfxfpKWj72n1kf9v/rkx/609FCUw=3D=3D =3DbqKd - -----END PGP SIGNATURE----- - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBTsWccO4yVqjM2NGpAQJ49Q/9F918Sj9ysw6ZEOjrOZ0nti+tnjRlmC7G B5Pl1UJ1sKJs4INzQhPN7lUIVMMZR9k2/35AHaGMyI3u3aVmSbEac+KfXG43qeHH aoT8soLulCsj5y4d943FxnHInDN4vz3qGnEzXXocCZVliBW5CmV5+YDOFgNWj9qu GkIXwgvFQJksCacP9hRVeSRjhWX4PJODxCbHcdfC0Ly5QNJmZ6veeOKMyRQqHmMm y0Ah7+SjntUT7R0mWhbiLpxfRmcua1f4SUgOrc3UtDFPRg2Q6SvMXx0k18/S4qZF /hn6FLz9utYNJ/v+gBSSbKl6wYzFuL3mSyWbrPenUWNYFn1OO7sARE6GT9FUE6+X QT6FlwpfPLeRCEzyH0dtWIYP+Kwqt6/HQSDGDBYM9nvP+9cnztluzW/K/yhfrHi0 MlGQyMFtChvROjKClCwsXmECACokW6gXd31uvr08O1jshuA4F7kKNnvZZn6KWMz9 Pkid1QVuE7dqx7GU5gFE5/qNr2CpDI/JuNqgTd/MAbTpogWUvf6RRP+m/WcCxuAM /SnOtJVa4wQ3iS5udbpSFiAGfLyaZvE+fzjQrCTa7dOMnC8NN87IhpgtKDbOfZJK v4P9c/r4od1AZqVT7fgBkCZOejU7G+ljUtShOPA0T/APziAhLm0hroNUuY9/XuZd mP1CGxh6NMo= =Hi2B -----END PGP SIGNATURE-----