-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2012.1154
  CA20121205-01: Security Notice for CA XCOM Data Transport on Unix and Linux
                               7 December 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           CA XCOM Data Transport
Publisher:         Computer Associates
Operating System:  UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2012-5973

Original Bulletin:
   https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={358F44CA-6354-4427-9088-C57138E9EE11}

- --------------------------BEGIN INCLUDED TEXT--------------------

CA20121205-01: Security Notice for CA XCOM Data Transport on Unix and Linux

Issued: December 05, 2012

CA Technologies Support is alerting customers to a potential risk with CA XCOM
Data Transport. A vulnerability exists that can allow a remote attacker to
execute arbitrary commands. CA Technologies has issued patches to address the
vulnerability.

The vulnerability, CVE-2012-5973, occurs due to insufficient verification of
requests. A remote attacker can send a carefully constructed request to execute
arbitrary commands and compromise the server.

Risk Rating

High

Platforms

Unix
Linux

Affected Products

The following CA XCOM Data Transport releases for Linux and UNIX platforms are
affected:

CA XCOM Data Transport r11.5
   CA XCOM Data Transport for Linux PC
   CA XCOM Data Transport for HP/UX
   CA XCOM Data Transport for HP-UX IA64

CA XCOM Data Transport r11.0
   CA XCOM Data Transport for AIX
   CA XCOM Data Transport for AIX Brixton
   CA XCOM Data Transport for Digital UNIX
   CA XCOM Data Transport for HP/UX
   CA XCOM Data Transport for HP-UX IA64
   CA XCOM Data Transport for Linux PC
   CA XCOM Data Transport for Linux zSeries
   CA XCOM Data Transport for NCR UNIX MP-RAS
   CA XCOM Data Transport for SCO OpenServer
   CA XCOM Data Transport for SCO UnixWare
   CA XCOM Data Transport for Sun Solaris Brixton
   CA XCOM Data Transport for Sun Solaris Operating System
   CA XCOM Data Transport for Sun Solaris X86

Non-Affected Products

All CA XCOM Data Transport r11.6 for Linux and UNIX platforms

All versions of CA XCOM Data Transport for non-Linux and non-UNIX platforms,
which include:
   CA XCOM Data Transport for AS/400 i5/OS
   CA XCOM Data Transport for AS/400 i5/OS CISC
   CA XCOM Data Transport for HP NonStop
   CA XCOM Data Transport for HP NonStop IA64
   CA XCOM Data Transport for LAN Server NetWare
   CA XCOM Data Transport for LAN Workstation for OS/2
   CA XCOM Data Transport for LAN Workstation for Windows
   CA XCOM Data Transport for OpenVMS
   CA XCOM Data Transport for OpenVMS Alpha
   CA XCOM Data Transport for OpenVMS I64
   CA XCOM Data Transport for OpenVMS VAX
   CA XCOM Data Transport for OS/2 Workstation
   CA XCOM Data Transport for PC-DOS Workstation
   CA XCOM Data Transport for Stratus CISC
   CA XCOM Data Transport for Stratus Continuum
   CA XCOM Data Transport for Stratus RISC
   CA XCOM Data Transport for VAX
   CA XCOM Data Transport for Windows Family Professional
   CA XCOM Data Transport for Windows Family Server
   CA XCOM Data Transport for z/OS
   CA XCOM Data Transport for z/VM
   CA XCOM Data Transport for z/VSE
   CA XCOM Data Transport for z/VSE CICS
   CA XCOM Data Transport Gateway
   CA XCOM Data Transport Management Center

How to determine if the installation is affected

From a command prompt, issue the following command:

   xcomd -r

Any CA XCOM Data Transport for Linux/UNIX platform that is below the following
release level(s) is affected:

For CA XCOM Data Transport r11.5 SP00 versions:
   CA XCOM Data Transport r11.5 12090 SP00

For CA XCOM Data Transport r11.0 SP01 versions:
   CA-XCOM Data Transport Version r11 0603W SP01

For CA XCOM Data Transport r11.0 SP02 versions:
   CA-XCOM Data Transport Version r11 0812J SP02

Solution

CA Technologies has issued the following patches to address the vulnerability.

CA XCOM Data Transport r11.5:
   CA XCOM Data Transport for Linux PC
      SP00 - RO52253
   CA XCOM Data Transport for HP/UX
      SP00 - RO52259
   CA XCOM Data Transport for HP-UX IA64
      SP00 - RO52261

CA XCOM Data Transport r11.0:
   CA XCOM Data Transport for AIX
      SP02 - RO52265
      SP01 - RO52264
   CA XCOM Data Transport for AIX Brixton
      SP02 - RO52265
      SP01 - RO52264
   CA XCOM Data Transport for Digital UNIX
      SP01 - RO52257
   CA XCOM Data Transport for HP/UX
      SP02 - RO52258
      SP01 - RO52587
   CA XCOM Data Transport for HP-UX IA64
      SP02 - RO52260
   CA XCOM Data Transport for Linux PC
      SP01 - RO52252
   CA XCOM Data Transport for Linux zSeries
      SP01 - RO52254
   CA XCOM Data Transport for NCR UNIX MP-RAS
      SP01 - RO52256
   CA XCOM Data Transport for SCO OpenServer
      SP01 - RO52266
   CA XCOM Data Transport for SCO UnixWare
      SP01 - RO52269
   CA XCOM Data Transport for Sun Solaris Brixton
      SP02 - RO52268
      SP01 - RO52267
   CA XCOM Data Transport for Sun Solaris Operating System
      SP02 - RO52268
      SP01 - RO52267
   CA XCOM Data Transport for Sun Solaris X86
      SP01 - RO52255

Workaround

Set the CA XCOM global parameter XENDCMD to an empty value ("XENDCMD=") in the
xcom.glb file.
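The release-level check and the XENDCMD workaround above, as an added shell example that is not part of the CA advisory or the AusCERT bulletin. It assumes (neither point is stated by the advisory) that "xcomd -r" prints a single line shaped like the release strings quoted above, and that xcom.glb holds one KEY=VALUE parameter per line; the xcom.glb content used in the demo function is constructed for this example. Verify both assumptions on a real host before trusting the result.

```shell
#!/bin/sh
# Added example: not part of the CA advisory or the AusCERT bulletin.
# Turns the "xcomd -r" release-level test and the XENDCMD workaround
# described in the advisory into functions that can be run on each host.
#
# Assumptions (not stated by the advisory): "xcomd -r" prints one line in
# the shape of the release strings quoted in the bulletin, e.g.
#   "CA XCOM Data Transport r11.5 12090 SP00"
#   "CA-XCOM Data Transport Version r11 0812J SP02"
# and xcom.glb holds one KEY=VALUE parameter per line.

# Print the first non-vulnerable build for a release/service-pack pair,
# exactly as listed in the advisory; print nothing for unlisted pairs.
xcom_fixed_level() {
  case "$1/$2" in
    r11.5/SP00)          echo 12090 ;;
    r11/SP01|r11.0/SP01) echo 0603W ;;
    r11/SP02|r11.0/SP02) echo 0812J ;;
    *) ;;
  esac
}

# xcom_is_affected "RELEASE LINE"
#   exit 0 -> build is below the fixed level (patch or workaround needed)
#   exit 1 -> build is at or above the fixed level, or release is r11.6
#   exit 2 -> line not recognised (release, build or SP token missing)
xcom_is_affected() {
  rel=""; build=""; sp=""
  for tok in $1; do                 # split the release line on whitespace
    case "$tok" in
      r11|r11.[056])          rel=$tok ;;
      SP[0-9][0-9])           sp=$tok ;;
      [0-9][0-9][0-9][0-9]*)  build=$tok ;;
    esac
  done
  [ "$rel" = r11.6 ] && return 1    # advisory: all r11.6 builds unaffected
  fixed=$(xcom_fixed_level "$rel" "$sp")
  [ -n "$fixed" ] && [ -n "$build" ] || return 2
  # Build ids in the advisory are fixed-width (digits plus an optional
  # trailing letter), so a plain string comparison orders them correctly.
  awk -v a="$build" -v b="$fixed" 'BEGIN { exit !((a "") < (b "")) }'
}

# xcom_xendcmd_set FILE: exit 0 if XENDCMD carries a non-empty value in
# the given xcom.glb (workaround NOT applied), 1 otherwise.
xcom_xendcmd_set() {
  grep -E '^[[:space:]]*XENDCMD[[:space:]]*=[[:space:]]*[^[:space:]]' "$1" >/dev/null
}

# xcom_apply_workaround FILE: back the file up, then blank every XENDCMD
# line (or append "XENDCMD=" if none exists), as the advisory instructs.
xcom_apply_workaround() {
  f=$1
  cp "$f" "$f.bak" || return 1
  awk '/^[[:space:]]*XENDCMD[[:space:]]*=/ { print "XENDCMD="; done = 1; next }
       { print }
       END { if (!done) print "XENDCMD=" }' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# xcom_check_host [GLB]: run on an XCOM server with xcomd on PATH.
# GLB defaults to $XCOM_GLB, then ./xcom.glb (an assumption, not a
# documented location).
xcom_check_host() {
  glb=${1:-${XCOM_GLB:-xcom.glb}}
  line=$(xcomd -r 2>/dev/null) || { echo "xcomd -r failed"; return 2; }
  rc=0; xcom_is_affected "$line" || rc=$?
  case $rc in
    0) echo "AFFECTED: $line"
       if xcom_xendcmd_set "$glb"; then
         echo "  XENDCMD is set in $glb: apply the patch, or blank it (XENDCMD=)"
       else
         echo "  XENDCMD already blank in $glb: still apply the patch"
       fi ;;
    1) echo "not affected: $line" ;;
    *) echo "unrecognised release line: $line" ;;
  esac
  return $rc
}

# Offline demo on a constructed xcom.glb (the two parameter lines below are
# made up for this example; they are not a real CA configuration file).
xcom_demo() {
  tmp=$(mktemp) || return 1
  printf 'XENDCMD=/usr/local/bin/after-transfer.sh\nXLOGLEVEL=1\n' > "$tmp"
  xcom_is_affected "CA XCOM Data Transport r11.5 12089 SP00" && echo "r11.5 build 12089: affected"
  xcom_xendcmd_set "$tmp" && echo "XENDCMD set before workaround"
  xcom_apply_workaround "$tmp"
  xcom_xendcmd_set "$tmp" || echo "XENDCMD blank after workaround"
  rm -f "$tmp" "$tmp.bak"
}
```

On a real server, source the file and call xcom_check_host with the path to the live xcom.glb; blanking XENDCMD is the advisory's interim measure only, and the matching RO fix above still has to be applied.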
References

CVE-2012-5973 - XCOM DT remote command execution

Acknowledgement

CVE-2012-5973 - Jurgens van der Merwe and Junaid Loonat from SensePost

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies Support
at https://support.ca.com/.

If you discover a vulnerability in CA Technologies products, please report your
findings to the CA Technologies Product Vulnerability Response Team.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBUMFAju4yVqjM2NGpAQI46A/+NN2Ti29ubdLbqse16ZfXUSfcIjmPeDMh
J7kOwIgezRcMnlCDP85l0YwtQ9EAJyphIFSN0AEiXntRdJYa5+n81OM9eYwTCew4
qP5uMrswQUAn3UZFbllX6nuIiFOaUGj7w379DnuOAggQRQkP8l1+YSiixRqzRAZn
YLdGElJeg5WHL5W7D0OYGl6D8W6sj7US+A2Qar8lKeq2w3yK2vFEarWuuwDlutK3
t10ePJCCnU6E34Vu/klPoTn6EwoptA9Pr1inZvVXLcO+CJJDl7vGxvEqIcl6SiR/
LQn/8QwuFYqPN3LR1zDKDcp6zJ/LkVB69ksbBrweTMF0PcXzwabw8iH6OF1KXfnt
y+CdXeMlNGEHGdxyo5AbIX/2RuZvbRinXd6lHXJ+Hh4YGZSYPEEBnIfctTDhsdMu
2YGkTNl5qFxbLgnsoOC1TQeS4QlaFq9a8A99ZBZRREaqf4dbCnb0P79Xpt0lyfbM
XqO/yLeDELCqWoyQwwf7LAHmozl48hAF2RVhVMsntrsJHh3z8mdnAeaf8SPndZCJ
aS4XEhh7dcTbfiYvdvg1dL2udwEPSNQALTD0AKIwI/aqByGMBtySWMq2h2keepVS
uV7DHtJSfv/smRnI9+Z5VVQ4YjifMjJivzuIy+GcrhFNVpkTeh7F9Kq57QIvygdX
LPBheX1+wnc=
=p1FD
-----END PGP SIGNATURE-----