Re: [Full-disclosure] CA20110420-02: Security Notice for CA Output Management Web Viewer

2011-05-19 Thread Williams, James K 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

CA20110420-01: Security Notice for CA SiteMinder


Issued:  April 20, 2011
Updated:  May 19, 2011


CA Technologies support is alerting customers to a security risk 
associated with CA SiteMinder. A vulnerability exists that can allow a 
malicious user to impersonate another user.  CA Technologies has 
issued patches to address the vulnerability.

The vulnerability, CVE-2011-1718, is due to improper handling of 
multi-line headers. A malicious user can send specially crafted data 
to impersonate another user.


Risk Rating 

Medium


Platform 

Windows


Affected Products 

CA SiteMinder R6 IIS 6.0 Web Agents prior to R6 SP6 CR2
CA SiteMinder R12 IIS 6.0 Web Agents prior to R12 SP3 CR2


How to determine if the installation is affected 

Check the Web Agent log to obtain the installed release version. Note 
that the "webagent.log" file name is configurable by the SiteMinder 
administrator.


Solution

CA has issued patches to address the vulnerability.

CA SiteMinder R6:
Upgrade to R6 SP6 CR2 or later

CA SiteMinder R12: 
Upgrade to R12 SP3 CR2 or later

CR releases can be found on the CA SiteMinder Hotfix / Cumulative 
Release page:
(URL may wrap)
support.ca.com/irj/portal/anonymous/phpdocs?filePath=0/5262/5262_fixinde
x.h
tml


References

CVE-2011-1718 - CA SiteMinder Multi-line Header Vulnerability


Acknowledgement

April King (ap...@twoevils.org)


Change History

Version 1.0: Initial Release
Version 1.1: Updated Affected Products section to clarify that only 
 the IIS 6.0 Web Agents are affected.  ISS 7 is not 
 affected by this issue.


If additional information is required, please contact CA Technologies 
Support at https://support.ca.com.

If you discover a vulnerability in a CA Technologies product, please 
report your findings to the CA Technologies Product Vulnerability 
Response Team.
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782

-BEGIN PGP SIGNATURE-
Version: PGP Desktop 9.9.1 (Build 287)
Charset: utf-8

wj8DBQFN1UDNeSWR3+KUGYURAuwVAJ4imZZZtXVKli8gWinrjky3gheQCwCghM/N
69B1MXsPDg5Gt3ICQg4U7vc=
=uuIC
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[Full-disclosure] CA20110420-02: Security Notice for CA Output Management Web Viewer

2011-04-20 Thread Williams, James K 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

CA20110420-02: Security Notice for CA Output Management Web Viewer


Issued:  April 20, 2011


CA Technologies support is alerting customers to security risks 
associated with CA Output Management Web Viewer. Two vulnerabilities 
exist that can allow a remote attacker to execute arbitrary code.  CA 
Technologies has issued patches to address the vulnerabilities.

The vulnerabilities, CVE-2011-1719, are due to boundary errors in the 
UOMWV_HelperActiveX.ocx and PPSView.ocx ActiveX controls. A remote 
attacker can create a specially crafted web page to exploit the flaws 
and potentially execute arbitrary code.


Risk Rating 

High


Platform 

Windows


Affected Products 

CA Output Management Web Viewer 11.0 
CA Output Management Web Viewer 11.5


How to determine if the installation is affected 

If the end-user controls are at a version that is less than the 
versions listed below, the installation is vulnerable.


File Name Version 

UOMWV_HelperActiveX.ocx   11.5.0.1 
PPSView.ocx   1.0.0.7


Solution

CA has issued the following patches to address the vulnerability.

CA Output Management Web Viewer 11.0:
Apply the RO29119 APAR, and then have end-users allow updated controls 
to be installed (on next attempt to use impacted feature).

CA Output Management Web Viewer 11.5:
Apply the RO29120 APAR, and then have end-users allow updated controls 
to be installed (on next attempt to use impacted feature).


References

CVE-2011-1719 - CA Output Management Web Viewer ActiveX Control Buffer 
Overflows


Acknowledgement

Dmitriy Pletnev, Secunia Research


Change History

Version 1.0: Initial Release


If additional information is required, please contact CA Technologies 
Support at https://support.ca.com.

If you discover a vulnerability in a CA Technologies product, please 
report your findings to the CA Technologies Product Vulnerability 
Response Team.
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782


Thanks and regards,
Ken Williams, Director
ca technologies Product Vulnerability Response Team
ca technologies Business Unit Operations
wilj...@ca.com

-BEGIN PGP SIGNATURE-
Version: PGP Desktop 9.9.1 (Build 287)
Charset: utf-8

wj4DBQFNr5KCeSWR3+KUGYURAseNAKCUFddGhEHrb3JBUABbqWWvGgvZTQCY9nHy
V9Eya1SCGQ8B2kt6v50jNw==
=Y75y
-END PGP SIGNATURE-

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/