CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection (CVE-2011-1653)

Key Information Title: CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection Vulnerability Vulnerability Identifiers: - ZDI-11-129 - ZDI-CAN-1039 - CVE ID: CVE-2011-1653 CVSS Score: 10.0, AV:N/AC:L/Au:N/C:C/I:C/A:C Affected Vendor: CA Affected Product: Total Defense Suite Vulnerability Details: - This vulnerability allows remote attackers to execute arbitrary code on vulnerable CA Total Defense Suite installations. Exploitation does not require authentication. - The specific flaw resides in the UnassignAdminRoles stored procedure, accessible via the management.asmx console. The Management Web Service listens for SOAP 1.2 requests on port 34444 (HTTP) and 34443 (HTTPS). Due to a flaw in the implementation of the UnAssignFunctionalUsers stored procedure, remote unauthenticated users can inject arbitrary SQL commands into SOAP requests, ultimately leading to arbitrary code execution in the context of the SYSTEM user. Google Provided Details: CA has released an update to address this vulnerability. More details can be found at the following link: CA Support Link Disclosure Timeline: - 2011-01-21 - Vulnerability reported to vendor - 2011-04-13 - Coordinated public advisory release Discoverer: Andrea Micalizzi aka rgod

Goal Reached Thanks to every supporter — we hit 100%!

CA Total Defense Suite UnassignAdminRoles Stored Procedure SQL Injection (CVE-2011-1653)