Vulnerability Details : CVE-2005-2668
Public exploit exists!
Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.
Vulnerability category: Execute code
Products affected by CVE-2005-2668
- cpe:2.3:a:ca:unicenter_management:4.0:*:lotus_notes_domino:*:*:*:*:*
- cpe:2.3:a:ca:unicenter_management:4.0:*:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:ca:unicenter_management:4.1:*:microsoft_exchange:*:*:*:*:*
- cpe:2.3:a:ca:unicenter_management:5.0.1:*:web_servers:*:*:*:*:*
- cpe:2.3:a:ca:unicenter_management:3.5:*:websphere_mq:*:*:*:*:*
- cpe:2.3:a:ca:unicenter_management:5.0:*:web_servers:*:*:*:*:*
- cpe:2.3:a:ca:unicenter_tng:2.2:*:*:ja:*:*:*:*
- cpe:2.3:a:ca:unicenter_asset_management:4.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:ca:etrust_admin:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ca:etrust_admin:2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ca:etrust_admin:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ca:etrust_admin:2.9:*:*:*:*:*:*:*
- cpe:2.3:a:ca:unicenter_enterprise_job_manager:1.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:ca:unicenter_enterprise_job_manager:1.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:ca:unicenter_software_delivery:4.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_remote_control:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_remote_control:6.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_tng:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_tng:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_tng:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_tng:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_network_and_systems_management:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_asset_management:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_asset_management:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_asset_management:3.2:sp1:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_asset_management:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_asset_management:3.2:sp2:*:*:*:*:*:*
- cpe:2.3:a:broadcom:cleverpath_olap:5.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:cleverpath_predictive_analysis_server:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:cleverpath_predictive_analysis_server:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:etrust_admin:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:etrust_admin:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_data_transport_option:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:brightstor_san_manager:1.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:broadcom:brightstor_san_manager:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:brightstor_san_manager:1.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:broadcom:brightstor_san_manager:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:cleverpath_ecm:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_jasmine:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_performance_management:2.4:sp3:openvms:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_software_delivery:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_software_delivery:3.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_software_delivery:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_software_delivery:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_software_delivery:3.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:broadcom:advantage_data_transport:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:adviseit:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:brightstor_portal:11.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_application_performance_monitor:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_application_performance_monitor:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_service_level_management:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_service_level_management:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_service_level_management:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_service_level_management:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:messaging:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:messaging:1.7:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:messaging:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_management_portal:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_management_portal:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:cleverpath_aion:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:broadcom:unicenter_nsm_wireless_network_management_option:3.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-2668
95.27%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2005-2668
-
CA CAM log_security() Stack Buffer Overflow (Win32)
Disclosure Date: 2005-08-22First seen: 2020-04-26exploit/windows/unicenter/cam_log_securityThis module exploits a vulnerability in the CA CAM service by passing a long parameter to the log_security() function. The CAM service is part of TNG Unicenter. This module has been tested on Unicenter v3.1. Authors: - hdm <x@hdm.io>
CVSS scores for CVE-2005-2668
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST |
References for CVE-2005-2668
-
http://www.kb.cert.org/vuls/id/619988
Third Party Advisory;US Government Resource
-
http://www.vupen.com/english/advisories/2005/1482
Third Party Advisory
-
http://supportconnectw.ca.com/public/ca_common_docs/camsecurity_notice.asp
Broken Link
-
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=32919
Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/14622
Computer Associates Message Queuing Buffer Overflow VulnerabilityPatch;Third Party Advisory;VDB Entry
Jump to