DM Primer error handling weakness & an old CAM BO revisited

["Karma" <karma () designfolks com au>]

Apologies for the poor grammer and formatting...

DM Primer is a shared service related to CA's Unicenter Remote Control. It 
is used in Enterprise environments to deploy URC6 from the URC v6.x 
Administration server. Dmprimer.exe listens on a client device for 
instructions from the server in a networked environment. DM Primer service 
may be installed as part of other CA products.
A larger than expected packet can be parsed remotely triggering an error 
handling routine. The routine fails to properly handle returned errors and
exits the thread leaving the DM Primer service in a non-responding state. 
The complete advisory is available at
http://www.designfolks.com.au/karma/DMPrimer/


cam.exe is process which belongs to CA Unicenter suite. It is used and 
shared by multiple CA products. The vendor has indicated that it affects 
multiple platforms.
A Buffer Overflow was also discovered in cam.exe.
This vulnerability is remotely exploitable which may result in remote code 
execution under the running system level context and complete compromise of 
the
hosts. Upon escalation, it was revealed that this bug was first discovered 
by CA's own Internal Audit Team in Aug 2005 and has already been fixed. H D 
Moore has
released a proof of concept for his Metasploit Project so credit where 
credit is due.
http://www.designfolks.com.au/karma/cam/

As a side note, I just wanted to point out the willingness of the CA 
Vulnerability Research Team at reviewing reported vulnerabilities and 
ensuring a patch is available for their clients. 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/