2017 m. gegužės 14 d., sekmadienis

CA20170504-01: Security Notice for CA Client Automation OS Installation Management

CA20170504-01: Security Notice for CA Client Automation OS
Installation Management

Issued: May 4, 2017
Last Updated: May 4, 2017

CA Technologies is alerting customers to a potential risk with CA
Client Automation OS Installation Management. A vulnerability exists
that can allow a local attacker to gain sensitive information on
operating systems installations created by CA Client Automation OS
Installation Management. A solution is available.

The vulnerability, CVE-2017-8391, occurs due to insecure storage of
account credentials used by OS Installation Management during
operating system installation. A local attacker can potentially
access a sensitive file containing account credentials and decrypt
a password. Depending on the privileges associated with the
credentials, an attacker can potentially gain further access. This
vulnerability only affects operating system installations created by
CA Client Automation with OS Installation Management.

Risk Rating

High

Platform(s)

Windows, Linux

Affected Products

Only CA Client Automation releases implementing OS Installation
Management are vulnerable.

CA Client Automation r14.0, r14.0 SP1
CA Client Automation r12.9

CA Client Automation (formerly CA IT Client Manager) Release and
Support Lifecycle Dates

How to determine if the installation is affected

Customers may review the technical document in the solution section
to determine if any operating system installation created by CA
Client Automation OS Installation Management is affected.

Solution

CA Technologies published the following solution to address the
vulnerability.

CA Client Automation, all releases:

Follow the instructions in TEC1911981

References

CVE-2017-8391 - Client Automation OS Installation Management
insecure password storage

Acknowledgement

CVE-2017-8391 - Christoph Falta

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies
Support at https://support.ca.com/

If you discover a vulnerability in CA Technologies products, please
report your findings to the CA Technologies Product Vulnerability
Response Team at vuln <AT> ca.com

Security Notices and PGP key
support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,

Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response Team

Copyright (c) 2017 CA. 520 Madison Avenue, 22nd Floor, New York, NY
10022.  All other trademarks, trade names, service marks, and logos
referenced herein belong to their respective companies.

Komentarų nėra:

Rašyti komentarą