Vulnerabilities > CVE-2006-0307 - Resource Management Errors vulnerability in multiple products

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
broadcom
ca
CWE-399
nessus
NVD
Published: 2006-01-19
Updated: 2021-04-13

Summary

The DM Primer in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote Control 6.0, 6.0 SP1, CA Desktop Protection Suite r2, CA Server Protection Suite r2, and CA Business Protection Suite r2 allows remote attackers to cause a denial of service (CPU consumption and log file consumption) via unspecified "unrecognized network messages" that are not properly handled.

Vulnerable Configurations

Part Description Count
Application
Broadcom
10
Application
Ca
6

Common Weakness Enumeration (CWE)

Nessus

NASL familyWindows
NASL idDMPRIMER_DOS.NASL
descriptionThe remote version of DMPrimer service (CA DM Deployment Common Component) is vulnerable to multiple Denial of Service attacks. An attacker can crash or may cause a high CPU utilization by sending a specially crafted UDP packets.
last seen2020-06-01
modified2020-06-02
plugin id20746
published2006-01-19
reporterThis script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/20746
titleCA DM Deployment Common Component Multiple DoS
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if(description)
{
 script_id(20746);
 script_version("1.19");

 script_cve_id("CVE-2006-0306", "CVE-2006-0307");
 script_bugtraq_id(16276);

 script_name(english:"CA DM Deployment Common Component Multiple DoS");

 script_set_attribute(attribute:"synopsis", value:
"It is possible to cause a denial of service against the remote
service." );
 script_set_attribute(attribute:"description", value:
"The remote version of DMPrimer service (CA DM Deployment 
Common Component) is vulnerable to multiple Denial
of Service attacks.
An attacker can crash or may cause a high CPU utilization by
sending a specially crafted UDP packets." );
 script_set_attribute(attribute:"see_also", value:"http://supportconnectw.ca.com/public/ca_common_docs/dmdeploysecurity_notice.asp" );
 script_set_attribute(attribute:"solution", value:
"Disable the DMPrimer service." );
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");

 script_set_attribute(attribute:"plugin_publication_date", value: "2006/01/19");
 script_set_attribute(attribute:"vuln_publication_date", value: "2006/01/17");
 script_cvs_date("Date: 2018/07/10 14:27:33");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 script_summary(english:"Determines the version of the remote DMPrimer service");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows");
 script_dependencies("dmprimer_detect.nasl");
 script_require_keys("CA/DMPrimer");
 script_require_ports(5727);
 exit(0);
}

#

version = get_kb_item ("CA/DMPrimer");

if (!isnull (version) &&
    ( (version == "1.4.154") || (version == "1.4.155") ) )
  security_warning(port:5727, proto:"udp");

References