漏洞信息详情
CA Service Metric Analysis和Service Level Managemen'smmsnmpd'任意命令执行漏洞
- CNNVD编号:CNNVD-200901-086
- 危害等级: 高危
- CVE编号: CVE-2009-0043
- 漏洞类型: 权限许可和访问控制
- 发布时间: 2009-01-08
- 威胁类型: 远程
- 更新时间: 2009-02-12
- 厂 商: ca
- 漏洞来源: Michel Arboi
漏洞简介
CA Service Metric Analysis和Service Level Management都是CA的服务管理产品。
Service Metric Analysis和Service Level Management没有充分地限制对smmsnmpd服务的访问,远程攻击者可以在该服务的环境中执行任意命令。
漏洞公告
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO04649
https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO04667
https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=RO04653
参考网址
来源: support.ca.com
链接:https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=196148
来源: BID
名称: 33161
链接:http://www.securityfocus.com/bid/33161
来源: BUGTRAQ
名称: 20090107 CA20090107-01: CA Service Metric Analysis and CA Service Level Management smmsnmpd Arbitrary Command Execution Vulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/499857/100/0/threaded
来源: VUPEN
名称: ADV-2009-0053
链接:http://www.frsirt.com/english/advisories/2009/0053
来源: SREASON
名称: 4887
链接:http://securityreason.com/securityalert/4887
来源:community.ca.com
链接:http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/07.aspx
受影响实体
- Ca Service_metric_analysis:R11.1:Sp1
- Ca Service_metric_analysis:R11.1
- Ca Service_metric_analysis:R11.0
- Ca Service_level_management:3.5
补丁
暂无
评论