CA Resource Initialization Manager Local Privilege Escalation Vulnerability
BID:17840
Info
CA Resource Initialization Manager Local Privilege Escalation Vulnerability
| Bugtraq ID: | 17840 |
| Class: | Design Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | May 04 2006 12:00AM |
| Updated: | May 05 2006 06:25PM |
| Credit: | IBM Global Services reported this issue to the vendor. |
| Vulnerable: |
Computer Associates Resource Initialization Manager 0 |
| Not Vulnerable: | |
Discussion
CA Resource Initialization Manager Local Privilege Escalation Vulnerability
CA Resource Initialization Manager (CAIRIM) is susceptible to a local privilege-escalation vulnerability. This issue is due to a flaw in the CAIRIM LMP SVC.
This issue allows local attackers to gain supervisor (key 0) privileges, aiding them in the complete compromise of affected computers.
CAIRIM is used by numerous CA products. All versions of CAIRIM LMP on the z/OS platform are vulnerable to this issue.
CA Resource Initialization Manager (CAIRIM) is susceptible to a local privilege-escalation vulnerability. This issue is due to a flaw in the CAIRIM LMP SVC.
This issue allows local attackers to gain supervisor (key 0) privileges, aiding them in the complete compromise of affected computers.
CAIRIM is used by numerous CA products. All versions of CAIRIM LMP on the z/OS platform are vulnerable to this issue.
Exploit / POC
CA Resource Initialization Manager Local Privilege Escalation Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
CA Resource Initialization Manager Local Privilege Escalation Vulnerability
Solution:
The vendor has released an advisory and a fix to address this issue. Please see the referenced advisory for further information on obtaining and applying the fix.
Computer Associates Resource Initialization Manager 0
Solution:
The vendor has released an advisory and a fix to address this issue. Please see the referenced advisory for further information on obtaining and applying the fix.
Computer Associates Resource Initialization Manager 0
-
Computer Associates QO78541 - LMP - INTEGRITY EXPOSURE - LMP SVC ARCHITECTURE
http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QO7854 1&startsearch=1
References
CA Resource Initialization Manager Local Privilege Escalation Vulnerability
References:
References:
- Important Security Notice for CAIRIM LMP for z/OS (Computer Associates)
- Important Security Notice for CAIRIM LMP for z/OS: Affected products (Computer Associates)