CA Total Defense Suite DeleteReportLayout SQL Injection Vulnerability (CVE-2011-1653)

Vulnerability Key Information Date: April 13, 2011 Title: CA Total Defense Suite UNC Management Console DeleteReportLayout SQL Injection Vulnerability ZDI ID: ZDI-11-132 ZDI CAN ID: ZDI-CAN-1042 CVE ID: CVE-2011-1653 CVSS Score: 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C Affected Vendor: CA Affected Product: Total Defense Suite Vulnerability Details Description: This vulnerability allows remote attackers to execute arbitrary code on vulnerable CA Total Defense Suite installations. Exploitation of this vulnerability does not require authentication. Specific Flaw: The flaw resides in the DeleteReportLayout stored procedure, accessible via the management.asmx console. The Management Web Service listens on port 34444 for HTTP and port 34443 for HTTPS, accepting SOAP 1.2 requests. Due to a flaw in the implementation of the DeleteReportLayout stored procedure, remote, unauthenticated users can inject arbitrary SQL commands within SOAP requests, potentially leading to arbitrary code execution in the context of the SYSTEM user. Additional Information CA Released Update: CA has released an update to fix this vulnerability. More details are available at https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={CD065CEC-AFE2-4D9D-8E0B-BE7F6E345866}. Disclosure Timeline: - 2011-01-21: Vulnerability reported to vendor - 2011-04-13: Coordinated public advisory release Acknowledgments: Andrea Micalizzi aka rgod

Goal Reached Thanks to every supporter — we hit 100%!

CA Total Defense Suite DeleteReportLayout SQL Injection Vulnerability (CVE-2011-1653)