Published: 2012-12-05
Updated: 2012-12-07
Affected systems:
CA XCOM Data Transport r11.5
CA XCOM Data Transport r11.0
Unaffected systems:
CA XCOM Data Transport r11.6
Description:
--------------------------------------------------------------------------------
BUGTRAQ ID: 56824
CVE(CAN) ID: CVE-2012-5973
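Computer Associates XCOM Data Transport is a multi-platform, multi-protocol, secure data transfer solution.
On Unix and Linux platforms, CA XCOM Data Transport r11.5 and CA XCOM Data Transport r11.0 contain a security vulnerability in how they validate requests; a remote attacker can use a specially crafted request to execute arbitrary commands.
<*Source: Jurgens van der Merwe
Link: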
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={3%2058F44CA-6354-4427-9088-C57138E9EE11
*>
Recommendations:
--------------------------------------------------------------------------------
Workaround:
In the xcom.glb file, set the CA XCOM global parameter to "XENDCMD="
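One way to audit that this workaround is in place, as an added example that is not part of the original advisory or of CA's tooling. It assumes xcom.glb holds one NAME=VALUE setting per line and that lines starting with '#' are comments; the function name and status words are hypothetical.

```shell
#!/bin/sh
# Added example: audit the XENDCMD workaround in a given xcom.glb file.
# Assumed format (not stated in the advisory): one NAME=VALUE per line,
# optional surrounding whitespace, lines starting with '#' are comments.

# check_xendcmd FILE  (hypothetical helper)
# Prints a status word and returns:
#   0 MITIGATED  - XENDCMD is present and empty on every occurrence
#   1 SET        - at least one XENDCMD line still carries a value
#   2 ABSENT     - no XENDCMD line, so the workaround was never written
#   3 UNREADABLE - file missing or not readable
check_xendcmd() {
    glb=$1
    if [ ! -r "$glb" ]; then
        echo UNREADABLE
        return 3
    fi
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        /^[ \t]*XENDCMD[ \t]*=/ {
            seen = 1
            val = $0
            sub(/^[ \t]*XENDCMD[ \t]*=/, "", val)  # drop the name and "="
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)     # trim blanks and CR
            if (val != "") bad = 1                 # any value means not empty
        }
        END {
            if (!seen)    { print "ABSENT";    exit 2 }
            else if (bad) { print "SET";       exit 1 }
            else          { print "MITIGATED"; exit 0 }
        }
    ' "$glb"
}

# Stand-alone use: pass the path to xcom.glb as the first argument.
if [ "$#" -gt 0 ]; then
    check_xendcmd "$1"
fi
```

The check treats a file as mitigated only when every XENDCMD line is empty, so a leftover second entry with a value is reported as SET.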
Vendor patches:
CA
--
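The vendor has released patches to fix this security issue. Download the following patches from the vendor's website:
The following Linux and Unix platform versions are affected: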
CA XCOM Data Transport r11.5:
CA XCOM Data Transport for Linux PC
SP00 - RO52253
CA XCOM Data Transport for HP/UX
SP00 - RO52259
CA XCOM Data Transport for HP-UX IA64
SP00 - RO52261
CA XCOM Data Transport r11.0:
CA XCOM Data Transport for AIX
SP02 - RO52265
SP01 - RO52264
CA XCOM Data Transport for AIX Brixton
SP02 - RO52265
SP01 - RO52264
CA XCOM Data Transport for Digital UNIX
SP01 - RO52257
CA XCOM Data Transport for HP/UX
SP02 - RO52258
SP01 - RO52587
CA XCOM Data Transport for HP-UX IA64
SP02 - RO52260
CA XCOM Data Transport for Linux PC
SP01 - RO52252
CA XCOM Data Transport for Linux zSeries
SP01 - RO52254
CA XCOM Data Transport for NCR UNIX MP-RAS
SP01 - RO52256
CA XCOM Data Transport for SCO OpenServer
SP01 - RO52266
CA XCOM Data Transport for SCO UnixWare
SP01 - RO52269
CA XCOM Data Transport for Sun Solaris Brixton
SP02 - RO52268
SP01 - RO52267
CA XCOM Data Transport for Sun Solaris Operating System
SP02 - RO52268
SP01 - RO52267
CA XCOM Data Transport for Sun Solaris X86
SP01 - RO52255
Unaffected versions:
CA XCOM Data Transport r11.6 on all Linux and Unix platforms
All versions of CA XCOM Data Transport for non-Linux and non-UNIX
platforms, which include:
CA XCOM Data Transport for AS/400 i5/OS
CA XCOM Data Transport for AS/400 i5/OS CISC
CA XCOM Data Transport for HP NonStop
CA XCOM Data Transport for HP NonStop IA64
CA XCOM Data Transport for LAN Server NetWare
CA XCOM Data Transport for LAN Workstation for OS/2
CA XCOM Data Transport for LAN Workstation for Windows
CA XCOM Data Transport for OpenVMS
CA XCOM Data Transport for OpenVMS Alpha
CA XCOM Data Transport for OpenVMS I64
CA XCOM Data Transport for OpenVMS VAX
CA XCOM Data Transport for OS/2 Workstation
CA XCOM Data Transport for PC-DOS Workstation
CA XCOM Data Transport for Stratus CISC
CA XCOM Data Transport for Stratus Continuum
CA XCOM Data Transport for Stratus RISC
CA XCOM Data Transport for VAX
CA XCOM Data Transport for Windows Family Professional
CA XCOM Data Transport for Windows Family Server
CA XCOM Data Transport for z/OS
CA XCOM Data Transport for z/VM
CA XCOM Data Transport for z/VSE
CA XCOM Data Transport for z/VSE CICS
CA XCOM Data Transport Gateway
CA XCOM Data Transport Management Center