Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2012.1154
CA20121205-01: Security Notice for CA XCOM Data Transport on Unix and Linux
7 December 2012
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: CA XCOM Data Transport
Publisher: Computer Associates
Operating System: UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2012-5973
Original Bulletin:
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={358F44CA-6354-4427-9088-C57138E9EE11}
- --------------------------BEGIN INCLUDED TEXT--------------------
CA20121205-01: Security Notice for CA XCOM Data Transport on Unix and Linux
Issued: December 05, 2012
CA Technologies Support is alerting customers to a potential risk with CA XCOM
Data Transport. A vulnerability exists that can allow a remote attacker to
execute arbitrary commands. CA Technologies has issued patches to address the
vulnerability.
The vulnerability, CVE-2012-5973, occurs due to insufficient verification of
requests. A remote attacker can send a carefully constructed request to execute
arbitrary commands and compromise the server.
Risk Rating
High
Platforms
Unix
Linux
Affected Products
The following CA XCOM Data Transport releases for Linux and UNIX platforms are
affected:
CA XCOM Data Transport r11.5
CA XCOM Data Transport for Linux PC
CA XCOM Data Transport for HP/UX
CA XCOM Data Transport for HP-UX IA64
CA XCOM Data Transport r11.0
CA XCOM Data Transport for AIX
CA XCOM Data Transport for AIX Brixton
CA XCOM Data Transport for Digital UNIX
CA XCOM Data Transport for HP/UX
CA XCOM Data Transport for HP-UX IA64
CA XCOM Data Transport for Linux PC
CA XCOM Data Transport for Linux zSeries
CA XCOM Data Transport for NCR UNIX MP-RAS
CA XCOM Data Transport for SCO OpenServer
CA XCOM Data Transport for SCO UnixWare
CA XCOM Data Transport for Sun Solaris Brixton
CA XCOM Data Transport for Sun Solaris Operating System
CA XCOM Data Transport for Sun Solaris X86
Non-Affected Products
All CA XCOM Data Transport r11.6 for Linux and UNIX platforms
All versions of CA XCOM Data Transport for non-Linux and non-UNIX platforms,
which include:
CA XCOM Data Transport for AS/400 i5/OS
CA XCOM Data Transport for AS/400 i5/OS CISC
CA XCOM Data Transport for HP NonStop
CA XCOM Data Transport for HP NonStop IA64
CA XCOM Data Transport for LAN Server NetWare
CA XCOM Data Transport for LAN Workstation for OS/2
CA XCOM Data Transport for LAN Workstation for Windows
CA XCOM Data Transport for OpenVMS
CA XCOM Data Transport for OpenVMS Alpha
CA XCOM Data Transport for OpenVMS I64
CA XCOM Data Transport for OpenVMS VAX
CA XCOM Data Transport for OS/2 Workstation
CA XCOM Data Transport for PC-DOS Workstation
CA XCOM Data Transport for Stratus CISC
CA XCOM Data Transport for Stratus Continuum
CA XCOM Data Transport for Stratus RISC
CA XCOM Data Transport for VAX
CA XCOM Data Transport for Windows Family Professional
CA XCOM Data Transport for Windows Family Server
CA XCOM Data Transport for z/OS
CA XCOM Data Transport for z/VM
CA XCOM Data Transport for z/VSE
CA XCOM Data Transport for z/VSE CICS
CA XCOM Data Transport Gateway
CA XCOM Data Transport Management Center
How to determine if the installation is affected
From a command prompt, issue the following command:
xcomd -r
Any CA XCOM Data Transport for Linux/UNIX platform that are below the
following release level(s) are affected:
For CA XCOM Data Transport r11.5 SP00 versions:
CA XCOM Data Transport r11.5 12090 SP00
For CA XCOM Data Transport r11.0 SP01 versions:
CA-XCOM Data Transport Version r11 0603W SP01
For CA XCOM Data Transport r11.0 SP02 versions:
CA-XCOM Data Transport Version r11 0812J SP02
Solution
CA Technologies has issued the following patches to address the
vulnerabilities.
CA XCOM Data Transport r11.5:
CA XCOM Data Transport for Linux PC
SP00 - RO52253
CA XCOM Data Transport for HP/UX
SP00 - RO52259
CA XCOM Data Transport for HP-UX IA64
SP00 - RO52261
CA XCOM Data Transport r11.0:
CA XCOM Data Transport for AIX
SP02 - RO52265
SP01 - RO52264
CA XCOM Data Transport for AIX Brixton
SP02 - RO52265
SP01 - RO52264
CA XCOM Data Transport for Digital UNIX
SP01 - RO52257
CA XCOM Data Transport for HP/UX
SP02 - RO52258
SP01 - RO52587
CA XCOM Data Transport for HP-UX IA64
SP02 - RO52260
CA XCOM Data Transport for Linux PC
SP01 - RO52252
CA XCOM Data Transport for Linux zSeries
SP01 - RO52254
CA XCOM Data Transport for NCR UNIX MP-RAS
SP01 - RO52256
CA XCOM Data Transport for SCO OpenServer
SP01 - RO52266
CA XCOM Data Transport for SCO UnixWare
SP01 - RO52269
CA XCOM Data Transport for Sun Solaris Brixton
SP02 - RO52268
SP01 - RO52267
CA XCOM Data Transport for Sun Solaris Operating System
SP02 - RO52268
SP01 - RO52267
CA XCOM Data Transport for Sun Solaris X86
SP01 - RO52255
Workaround
Set the CA XCOM global parameter to "XENDCMD=" in the xcom.glb file.
References
CVE-2012-5973 - XCOM DT remote command execution
Acknowledgement
CVE-2012-5973 - Jurgens van der Merwe and Junaid Loonat from SensePost
Change History
Version 1.0: Initial Release
If additional information is required, please contact CA Technologies Support
at https://support.ca.com/.
If you discover a vulnerability in CA Technologies products, please report
your findings to the CA Technologies Product Vulnerability Response Team.
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBUMFAju4yVqjM2NGpAQI46A/+NN2Ti29ubdLbqse16ZfXUSfcIjmPeDMh
J7kOwIgezRcMnlCDP85l0YwtQ9EAJyphIFSN0AEiXntRdJYa5+n81OM9eYwTCew4
qP5uMrswQUAn3UZFbllX6nuIiFOaUGj7w379DnuOAggQRQkP8l1+YSiixRqzRAZn
YLdGElJeg5WHL5W7D0OYGl6D8W6sj7US+A2Qar8lKeq2w3yK2vFEarWuuwDlutK3
t10ePJCCnU6E34Vu/klPoTn6EwoptA9Pr1inZvVXLcO+CJJDl7vGxvEqIcl6SiR/
LQn/8QwuFYqPN3LR1zDKDcp6zJ/LkVB69ksbBrweTMF0PcXzwabw8iH6OF1KXfnt
y+CdXeMlNGEHGdxyo5AbIX/2RuZvbRinXd6lHXJ+Hh4YGZSYPEEBnIfctTDhsdMu
2YGkTNl5qFxbLgnsoOC1TQeS4QlaFq9a8A99ZBZRREaqf4dbCnb0P79Xpt0lyfbM
XqO/yLeDELCqWoyQwwf7LAHmozl48hAF2RVhVMsntrsJHh3z8mdnAeaf8SPndZCJ
aS4XEhh7dcTbfiYvdvg1dL2udwEPSNQALTD0AKIwI/aqByGMBtySWMq2h2keepVS
uV7DHtJSfv/smRnI9+Z5VVQ4YjifMjJivzuIy+GcrhFNVpkTeh7F9Kq57QIvygdX
LPBheX1+wnc=
=p1FD
-----END PGP SIGNATURE-----