[SA10420] CA Unicenter Remote Control Privilege Escalation and Denial of Service

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Fri Dec 12 2003 - 05:03:01 CST


TITLE:
CA Unicenter Remote Control Privilege Escalation and Denial of
Service

SECUNIA ADVISORY ID:
SA10420

VERIFY ADVISORY:
http://www.secunia.com/advisories/10420/

CRITICAL:
Less critical

IMPACT:
Privilege escalation, DoS

WHERE:
From local network

SOFTWARE:
CA ControlIT 5.x
CA Unicenter Remote Control 5.x
CA Unicenter Remote Control 6.x

DESCRIPTION:
Two vulnerabilities have been identified in CA Unicenter Remote
Control and ControlIT, which can be exploited by malicious, local
users to escalate their privileges and by malicious people to cause a
Denial of Service.

According to CA, local users can use the help interface to escalate
their privileges. No more information is available.

Unicenter Remote Control 6 is also vulnerable to a Denial of Service,
which causes the URC host service to consume large amounts of CPU
resources.

Affected software:
Unicenter Remote Control 5.2
Unicenter Remote Control Option 5.1
Unicenter Remote Control Option German Version 5.1
Unicenter Remote Control Option 5.0
Control IT Enterprise Edition 5.1
Control IT Enterprise Edition 5.0
Control IT Advanced Edition 5.0
Unicenter Remote Control 6.0

SOLUTION:
Patches are available:

Unicenter Remote Control 5.2:
ftp://ftp.ca.com/CAproducts/unicenter/TNGRCO/nt/0204/qo48406/QO48406.CLZ
ftp://ftp.ca.com/CAproducts/unicenter/TNGRCO/nt/0204/qo48406/QO48406.CAZ

Unicenter Remote Control Option 5.1:
ftp://ftp.ca.com/CAproducts/unicenter/TNGRCO/nt/0011/qo48410/QO48410.CLZ
ftp://ftp.ca.com/CAproducts/unicenter/TNGRCO/nt/0011/qo48410/QO48410.CAZ

Unicenter Remote Control Option German Version 5.1:
ftp://ftp.ca.com/CAproducts/unicenter/TNGRCO/nt/0011/qo48411/QO48411.CLZ
ftp://ftp.ca.com/CAproducts/unicenter/TNGRCO/nt/0011/qo48411/QO48411.CAZ

Unicenter Remote Control Option 5.0:
ftp://ftp.ca.com/CAproducts/unicenter/TNGRCO/nt/0002/qo48412/QO48412.CLZ
ftp://ftp.ca.com/CAproducts/unicenter/TNGRCO/nt/0002/qo48412/QO48412.CAZ

ControlIT Enterprise Edition 5.1:
ftp://ftp.ca.com/CAproducts/unicenter/controlitee/0102/qo48413/QO48413.CCH
ftp://ftp.ca.com/CAproducts/unicenter/controlitee/0102/qo48413/QO48413.CAZ

ControlIT Enterprise Edition 5.0:
ftp://ftp.ca.com/CAproducts/unicenter/controlitee/9910/qo48415/QO48415.CCH
ftp://ftp.ca.com/CAproducts/unicenter/controlitee/9910/qo48415/QO48415.CAZ

ControlIT Advanced Edition 5.0:
ftp://ftp.ca.com/CAproducts/unicenter/controlitae/9909/qo48416/QO48416.CLY
ftp://ftp.ca.com/CAproducts/unicenter/controlitae/9909/qo48416/QO48416.CAZ

Unicenter Remote Control 6.0:
ftp://ftp.ca.com/CAproducts/unicenter/TNGRCO/nt/0306/qo48417/QO48417.CLZ
ftp://ftp.ca.com/CAproducts/unicenter/TNGRCO/nt/0306/qo48417/QO48417.CAZ

ORIGINAL ADVISORY:
Important Security Notice Unicenter Remote Control and ControlIT
http://support.ca.com/techbases/rp/urc5x-secnote.html
http://support.ca.com/techbases/rp/urc6x-secnote.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://www.secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://www.secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------
