[QI-3645][SG][CA PAM][MAS] RE: CA PAM - MySQL Vulnerability

Article ID: 195924

Products

CA Privileged Access Manager (PAM)
CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

A customer's routine VAST scan flagged CA PAM as vulnerable to "MySQL Anonymous Login Handshake Remote Information Disclosure", which the scanner detected on TCP port 6032.

The resolution given by the scanner was to upgrade to MySQL 4.0.27 / 4.1.19 / 5.0.21 / 5.1.10 or later. This cannot be done, as PAM is a hardened appliance and the customer does not have access to modify any part of the application.

Cause

This is not a vulnerability. MySQL uses port 3306 by default, and this port should not be accessible from untrusted hosts.
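As an added illustration (not code from this article or from CA/Broadcom) of why a version-based scanner raises this finding: the MySQL server sends its version string in the initial greeting packet before any authentication, and the scanner compares that string against the fixed releases listed above. The greeting bytes below are constructed inline; on a live host they would be the first bytes received after connecting to the flagged port.

```python
import struct

# Minimum releases per branch that the scan report names as containing the fix.
FIXED_MINIMUM = {(4, 0): (4, 0, 27), (4, 1): (4, 1, 19),
                 (5, 0): (5, 0, 21), (5, 1): (5, 1, 10)}


def parse_handshake(packet: bytes) -> dict:
    """Parse a MySQL Protocol::HandshakeV10 greeting.

    Layout: 3-byte little-endian payload length, 1-byte sequence id,
    1-byte protocol version (10), NUL-terminated server version string,
    4-byte connection id, then auth salt and capability flags (ignored here).
    """
    if len(packet) < 5:
        raise ValueError("packet too short for a MySQL header")
    length = int.from_bytes(packet[0:3], "little")
    payload = packet[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated payload")
    if payload[0] != 10:
        raise ValueError(f"unsupported protocol version {payload[0]}")
    end = payload.index(b"\x00", 1)            # end of server version string
    server_version = payload[1:end].decode("ascii", "replace")
    conn_id = struct.unpack_from("<I", payload, end + 1)[0]
    return {"seq": packet[3], "server_version": server_version,
            "connection_id": conn_id}


def version_tuple(server_version: str) -> tuple:
    """'5.0.18-standard-log' -> (5, 0, 18); build suffixes are ignored."""
    nums = []
    for part in server_version.split("-", 1)[0].split(".")[:3]:
        digits = "".join(ch for ch in part if ch.isdigit())
        nums.append(int(digits) if digits else 0)
    return tuple(nums + [0] * (3 - len(nums)))


def is_fixed(server_version: str) -> bool:
    """True if the reported version is at or above the fixed release for its branch."""
    v = version_tuple(server_version)
    if v[:2] in FIXED_MINIMUM:
        return v >= FIXED_MINIMUM[v[:2]]
    return v[:2] > (5, 1)  # later branches postdate the fix; 3.x predates it


def build_sample_greeting(version: str, conn_id: int = 7) -> bytes:
    """Constructed HandshakeV10 packet for offline testing (not a real capture)."""
    payload = (b"\x0a" + version.encode() + b"\x00" + struct.pack("<I", conn_id)
               + b"12345678" + b"\x00" + b"\xff\xf7" + b"\x08" + b"\x02\x00"
               + b"\x00\x00" + b"\x15" + b"\x00" * 10 + b"ABCDEFGHIJKL\x00")
    return len(payload).to_bytes(3, "little") + b"\x00" + payload
```

A greeting reporting "5.0.18" fails `is_fixed`, which is exactly the match the scanner reports; the appliance-side control is to keep the port unreachable from untrusted hosts rather than to change the banner.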

Environment

Release : 3.2.x, 3.3.0 and 3.3.1

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

The defect DE435560 has been addressed in PAM 3.3.2 and higher.