Unicenter TNG Utilities Multiple Remote Buffer Overflow Vulnerabilities


Article ID: 32094


Products

CA Identity Manager, CA Identity Governance, CA Identity Portal, CA Risk Analytics, CA Secure Cloud SaaS - Arcot A-OK (WebFort), CLOUDMINDER ADVANCED AUTHENTICATION, CA Secure Cloud SaaS - Advanced Authentication, CA Secure Cloud SaaS - Identity Management, CA Secure Cloud SaaS - Single Sign On

Issue/Introduction

Issue:

A vulnerability scan has detected and reported a finding similar to this:

38429 CA (Computer Associates) Unicenter TNG Utilities Multiple Remote Buffer Overflow Vulnerabilities

This finding is also associated with CVE-2004-1812.

Environment:

Can occur in versions 12.5 and 12.6 of Identity Manager.

Cause:

The remote buffer overflow vulnerability is a known problem in CAM, which is used with the Provisioning Server. A fix is included in CAM 1.14 build 1. However, the scan may still report the vulnerability even when CAM 1.14 build 1 is installed. In most cases the reported vulnerability should be considered a false alarm (see Resolution below).

Resolution:

The vulnerability is fixed in CAM 1.14 build 1. 

1. Verify the CAM version by running camstat at the command prompt on the Provisioning Server.

The output of camstat will look something like this:

CAM - Version 1.14 (Build 1) 

2. If your current CAM version is 1.14 (Build 1), no further action is required, and the vulnerability reported by the scan should be ignored as a false alarm.

If your CAM version is lower than 1.14 Build 1, you may need to upgrade, though all current versions of Identity Manager should have 1.14 Build 1. Please contact Support for assistance if camstat does not show CAM - Version 1.14 (Build 1).
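The check in steps 1 and 2 can be scripted when the same scanner finding has to be triaged on several Provisioning Servers. The following is an added example, not CA's own tooling: the function names and sample outputs are constructed, the banner pattern is assumed from the sample line above, and treating versions newer than 1.14 Build 1 as fixed is an assumption.

```python
import re
import subprocess

FIXED = (1, 14, 1)  # CAM 1.14 build 1, the fixed level named in this article

# Assumed banner shape, taken from the sample camstat line in this article.
BANNER = re.compile(r"CAM\s*-\s*Version\s+(\d+)\.(\d+)\s*\(Build\s+(\d+)\)", re.I)


def parse_cam_version(camstat_output):
    """Return (major, minor, build) from camstat output, or None if no banner."""
    m = BANNER.search(camstat_output)
    return tuple(int(g) for g in m.groups()) if m else None


def triage(camstat_output):
    """Classify scanner finding 38429 / CVE-2004-1812 for one host."""
    version = parse_cam_version(camstat_output)
    if version is None:
        return "unknown"         # no banner found: contact Support
    if version >= FIXED:         # assumption: newer levels also carry the fix
        return "false-alarm"     # fixed level present, finding can be ignored
    return "upgrade-needed"      # below 1.14 build 1


def triage_local_host():
    """Run camstat with no arguments (step 1) on this host and classify it."""
    try:
        out = subprocess.run(["camstat"], capture_output=True,
                             text=True, timeout=30).stdout
    except (OSError, subprocess.TimeoutExpired):
        return "unknown"         # camstat missing or hung
    return triage(out)


# Constructed sample outputs; only the 1.14 banner line appears in the article.
SAMPLES = {
    "fixed": "CAM - Version 1.14 (Build 1)\n(constructed) further status lines\n",
    "older": "CAM - Version 1.11 (Build 29)\n",
    "no-banner": "camstat: command not found\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, parse_cam_version(text), triage(text))
```
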



Environment

Release: CAPUEL99000-12.5-Identity Manager-Blended upgrade to Identity &-Access Mgmt Ente