CAM agent vulnerability --/etc/shadow), one line from the file is shown to the user in an error
search cancel

CAM agent vulnerability --/etc/shadow), one line from the file is shown to the user in an error

book

Article ID: 258474

calendar_today

Updated On:

Products

CA Identity Suite

Issue/Introduction

We are having issue with one of the vulnerabilities regarding CAM Agent software casrvc. 

"casrvc, a shared component for CA products, allows a user to specify a file to restore services from. If a file that the user cannot access is specified (for example, /etc/shadow), one line from the file is shown to the user in an error."

Environment

Release : 14.3

Cause

The vulnerability is no longer relevant from an Identity Manager perspective as the older connectors are no longer supported. 

From version 14.0, the UNIX V1 connector is not supported. If you are upgrading from any previous version to r 14, UNIX - ETC and UNIX - NIS endpoint types are still visible in 

Endpoint Types

 drop down list but do not function. If you want to use UNIX connector, migrate the UNIX V1 connector to UNIX V2 connector.

Resolution

If you want to use UNIX connector, migrate the UNIX V1 connector to UNIX V2 connector.

 

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/identity-management-and-governance-connectors/1-0/connectors/unix-connectors/introduction-to-the-unix-connectors.html

 

https://api-broadcom-ca.wolkenservicedesk.com/attachment/get_attachment_content?uniqueFileId=uNZFqEqgVk5a9zHnmnoOiw==

Powered by Wolken Software