CA Spectrum 10.1.x / 10.2.x Denial Of Service

  • CA Technologies Support is alerting customers to a potential risk with CA Spectrum. A vulnerability exists that can allow an unauthenticated remote attacker to cause a denial of service. CA has solutions to resolve the vulnerability. The vulnerability occurs due to how a Spectrum network service handles invalid data. A remote attacker can send a request that may disrupt a Spectrum service and potentially cause further product instability.

    -----BEGIN PGP SIGNED MESSAGE-----  
    Hash: SHA512  
    CA20180501-01: Security Notice for CA Spectrum  
    Issued: May 1st, 2018  
    Last Updated: May 1st, 2018  

    CA Technologies Support is alerting customers to a potential risk  
    with CA Spectrum. A vulnerability exists that can allow an  
    unauthenticated remote attacker to cause a denial of service. CA has  
    solutions to resolve the vulnerability.  

    The vulnerability, CVE-2018-6589, occurs due to how a Spectrum  
    network service handles invalid data. A remote attacker can send a  
    request that may disrupt a Spectrum service and potentially cause  
    further product instability.  

    Risk Rating  
    CVE Identifier   Risk Rating  
    CVE-2018-6589    High  

    Platform(s)  
    All  

    Affected Products  
    CA Spectrum 10.1.x  
    CA Spectrum 10.2.x  

    Unaffected Products  
    CA Spectrum 10.2.3  

    How to determine if the installation is affected  
    Use one of the below methods to find the CA Spectrum product version:  
    1. CA OneClick Console: Click on Help -> About  
    2. Open the Spectrum Console Panel on the SpectroServer and click on  
    Help -> About  
    3. On SpectroServer: Go to the Spectrum install directory, open the  
    .installrc file and find the "VERSION"  

    Solution  
    CA Technologies published the following solutions to resolve the  
    vulnerability.  
    CA Spectrum 10.1.x:  
    Apply 10.01.02.PTF_10.1.239  
    CA Spectrum 10.2.x:  
    Update to CA Spectrum 10.2.3  

    References  
    CVE-2018-6589 - CA Spectrum Denial of Service  

    Acknowledgement  
    CVE-2018-6589 - Francesco Scibetta  

    Change History  
    Version 1.0: Initial Release  

    Customers who require additional information about this notice may  
    contact CA Technologies Support at https://support.ca.com/  

    To report a suspected vulnerability in a CA Technologies product,  
    please send a summary to CA Technologies Product Vulnerability  
    Response at vuln <AT> ca.com  

    Security Notices and PGP key  
    support.ca.com/irj/portal/anonymous/phpsbpldgpg  
    www.ca.com/us/support/ca-support-online/documents.aspx?id=177782  

    Regards,  
    Kevin Kotas  
    Vulnerability Response Director  
    CA Technologies Product Vulnerability Response  

    Copyright (c) 2018 CA. 520 Madison Avenue, 22nd Floor, New York, NY  
    10022.  All other trademarks, trade names, service marks, and logos  
    referenced herein belong to their respective companies.  
    -----BEGIN PGP SIGNATURE-----  
    Charset: utf-8  
    -----END PGP SIGNATURE-----  
    

    Source: packetstormsecurity.com
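
The version check from method 3 of the advisory, as an added example (not part of the CA notice or the original post): it reads `VERSION` from `.installrc` and maps it to the advisory's affected and unaffected product lists. The `VERSION=<value>` line format, the sample file contents and the function names are assumptions.

```shell
#!/bin/sh
# Added example: classify a CA Spectrum VERSION string against CA20180501-01.
# Assumption: .installrc stores the version as a "VERSION=<value>" line.

# Constructed sample input, not taken from a real installation.
sample_installrc() {
    printf 'INSTALL_OWNER=spectrum\nVERSION=10.2.1.000\n'
}

# Print the first VERSION value found on stdin (quotes and CRs stripped).
read_installrc_version() {
    sed -n 's/^[[:space:]]*VERSION[[:space:]]*=[[:space:]]*//p' | head -n 1 | tr -d '"\r'
}

# Map a dotted version to the advisory's product lists.
classify_spectrum_version() {
    printf '%s\n' "$1" | awk -F. '
        $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ || ($3 != "" && $3 !~ /^[0-9]+$/) {
            print "unparsed"; next }
        { maj = $1 + 0; min = $2 + 0; pat = $3 + 0 }   # +0 drops zero padding
        maj == 10 && min == 1             { print "affected-10.1"; next }
        maj == 10 && min == 2 && pat < 3  { print "affected-10.2"; next }
        maj == 10 && min == 2 && pat == 3 { print "unaffected"; next }
        { print "not-listed" }'
}

# Solution text from the advisory for each classification.
remediation_for() {
    case "$1" in
        affected-10.1) echo "Apply 10.01.02.PTF_10.1.239 (VERSION alone does not show whether the PTF is installed)" ;;
        affected-10.2) echo "Update to CA Spectrum 10.2.3" ;;
        unaffected)    echo "None" ;;
        *)             echo "Version not covered by the advisory lists" ;;
    esac
}

# Usage: sh check_spectrum.sh /path/to/spectrum/.installrc
if [ "$#" -ge 1 ] && [ -f "$1" ]; then
    v=$(read_installrc_version < "$1")
    s=$(classify_spectrum_version "$v")
    echo "VERSION=$v status=$s action=$(remediation_for "$s")"
fi
```

A 10.1.x result only identifies the affected branch; confirm the PTF level separately before treating the host as fixed.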
