Unicenter TNG Utilities Multiple Remote Buffer Overflow Vulnerabilities

Document ID : KB000032094
Last Modified Date : 14/02/2018

Issue:

A Vulnerability Scan has detected and reported a vulnerability similar to this:

38429 CA (Computer Associates) Unicenter TNG Utilities Multiple Remote Buffer Overflow Vulnerabilities. 

 

Environment:

Can occur in 12.5 and 12.6 versions of Identity Manager.

 

Cause:

The Remote Buffer Overflow vulnerability is a known problem in CAM, which is used with the Provisioning Server. A fix is included in CAM 1.14 build 1; however, the scan may still report the vulnerability even when CAM 1.14 build 1 is installed. In most cases the reported vulnerability should be considered a false alarm (see Resolution below).

 

Resolution:

The vulnerability is fixed in CAM 1.14 build 1. 

1. Verify the CAM version by running camstat at the command prompt on the Provisioning Server.

The output of camstat will look something like this.

CAM - Version 1.14 (Build 1) 

2. If your current CAM version is 1.14 (Build 1) there is no further action required and the vulnerability reported by the scan should be ignored as a false alarm.

If your CAM version is lower than 1.14 Build 1, you may need to upgrade, though all current versions of Identity Manager should have 1.14 build 1. Please contact Support for assistance if camstat does not show CAM - Version 1.14 (Build 1).
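The check in steps 1 and 2 can be scripted when the same scanner finding has to be triaged across several Provisioning Servers. The following is an added example, not CA code: it assumes the camstat banner has the form shown above, that the output is piped in on stdin, and that builds later than 1.14 (Build 1) also contain the fix. The function names and sample lines are constructed for illustration.

```python
import re
import sys

# Fixed release named in this article: CAM 1.14 (Build 1).
FIXED = (1, 14, 1)

# Matches the banner line shown in the article: "CAM - Version 1.14 (Build 1)".
BANNER = re.compile(
    r"CAM\s*-\s*Version\s+(\d+)\.(\d+)\s*\(Build\s+(\d+)\)", re.IGNORECASE
)

# Constructed sample inputs; only the first line appears in the article.
SAMPLES = [
    "CAM - Version 1.14 (Build 1)",
    "CAM - Version 1.2 (Build 9)",
    "no banner in this output",
]


def parse_cam_version(camstat_output):
    """Return (major, minor, build) from camstat output, or None if absent."""
    match = BANNER.search(camstat_output)
    return tuple(int(g) for g in match.groups()) if match else None


def triage(camstat_output):
    """Classify the scanner finding for one host from its camstat output."""
    version = parse_cam_version(camstat_output)
    if version is None:
        # No banner found: the finding cannot be dismissed on this evidence.
        return "unknown"
    # Compare the components as integers. 1.14 is newer than 1.2, which a
    # string or floating-point comparison would get wrong.
    # Assumption: anything at or above 1.14 (Build 1) carries the fix.
    return "false_alarm" if version >= FIXED else "upgrade_needed"


if __name__ == "__main__":
    # Usage on the Provisioning Server: camstat | python check_cam.py
    result = triage(sys.stdin.read())
    print(result)
    sys.exit(0 if result == "false_alarm" else 1)
```

A result of "unknown" or "upgrade_needed" corresponds to the case where Support should be contacted rather than the finding being closed.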