-----BEGIN PGP SIGNED MESSAGE----- CA20091208-01: Security Notice for CA Service Desk Issued: December 8, 2009 CA's support is alerting customers to a security risk with CA Service Desk. A cross-site scripting vulnerability exists that can allow a remote attacker to potentially gain sensitive information. CA has issued patches to address the vulnerability. The vulnerability, CVE-2009-4149, is due to insufficient verification of a web interface variable. An attacker, who can lure a user into following a URL, can conduct cross-site scripting. Risk Rating Low Platforms Windows, AIX, HP, Sun, Linux Affected Products CA Service Desk 12.1 How to determine if the installation is affected CA Service Desk 12.1 Windows Environment: 1. Locate the files "webengine.exe" and "freeaccess.spl". The files are located in the "$NX_ROOT\bin" and "$NX_ROOT\bopcfg\www" directory respectively. 2. Right click on each of the files and select Properties. 3. Select the General tab. 4. If either file timestamp is earlier than indicated in the below table, the installation is vulnerable. File Name Timestamp Size Size on disk webengine.exe 10/30/2009 12:11:16 PM 2936832 bytes 2936832 bytes freeaccess.spl 10/23/2009 11:24:08 AM 1010489 bytes 1011712 bytes AIX Environment: 1. Locate the files "webengine" and "freeaccess.spl". The files are located in the "$NX_ROOT/bin" and "$NX_ROOT/bopcfg/www" directory respectively. 2. Right click on each of the files and select Properties. 3. Select the General tab. 4. If either file timestamp is earlier than indicated in the below table, the installation is vulnerable. File Name Timestamp Size Size on disk webengine 11/03/2009 4:58:00 AM 7698261 bytes 7700480 bytes freeaccess.spl 10/26/2009 5:32:00 AM 1010490 bytes 1011712 bytes HP Environment: 1. Locate the files "webengine" and "freeaccess.spl". The files are located in the "$NX_ROOT/bin" and "$NX_ROOT/bopcfg/www" directory respectively. 2. Right click on each of the files and select Properties. 3. Select the General tab. 4. If either file timestamp is earlier than indicated in the below table, the installation is vulnerable. File Name Timestamp Size Size on disk webengine 11/03/2009 5:25:00 AM 6635681 bytes 7700480 bytes freeaccess.spl 10/27/2009 1:20:00 AM 6639616 bytes 1011712 bytes SUN Environment: 1. Locate the files "webengine" and "freeaccess.spl". The files are located in the "$NX_ROOT/bin" and "$NX_ROOT/bopcfg/www" directory respectively. 2. Right click on each of the files and select Properties. 3. Select the General tab. 4. If either file timestamp is earlier than indicated in the below table, the installation is vulnerable. File Name Timestamp Size Size on disk webengine 11/03/2009 5:05:00 AM 4076264 bytes 4079616 bytes freeaccess.spl 10/26/2009 8:23:00 AM 1010490 bytes 1011712 bytes Linux Environment: 1. Locate the files "webengine" and "freeaccess.spl". The files are located in the "$NX_ROOT/bin" and "$NX_ROOT/bopcfg/www" directory respectively. 2. Right click on each of the files and select Properties. 3. Select the General tab. 4. If either file timestamp is earlier than indicated in the below table, the installation is vulnerable. File Name Timestamp Size Size on disk webengine 11/03/2009 4:23:00 AM 3772416 bytes 3772416 bytes freeaccess.spl 10/26/2009 7:25:00 AM 1010490 bytes 1011712 bytes Solution CA has issued the following patches to address the vulnerability. CA Service Desk 12.1 Windows: RO12848 CA Service Desk 12.1 AIX: RO12851 CA Service Desk 12.1 HP: RO12853 CA Service Desk 12.1 Sun: RO12857 CA Service Desk 12.1 Linux: RO12855 Workaround To reduce exposure, only give trusted resources analyst privilege. References CVE-2009-4149 - Service Desk XSS http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4149 CA20091208-01 : Security Notice for CA Service Desk (line may wrap) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=22 3999 Acknowledgement CVE-2009-4149 - anonymous Change History Version 1.0: Initial Release If additional information is required, please contact CA Support at http://support.ca.com/ If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. (line may wrap) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782 Kevin Kotas CA Product Vulnerability Response Team -----BEGIN PGP SIGNATURE----- Version: PGP 8.1 iQEVAwUBSx6pQpI1FvIeMomJAQFsBgf+PLnOJCw+Gy2OmpAQxHZXQrgLIqybuafj dAoAPHXYRaPU+KmyAWnhSLpy21dnlLomS9yL7tv5aYa8Qm1Bmb54KweC9kbL7NDB T2lNOhrJ47eQsXEVCEcI/zIGLfSVwQdATEZQhNR07nuGMxEIN9dqS6bh9zmf1MqW yxRH7D5wAFwGaiKApqzqZw4JiE14+UyUZDr6c0/Y/5HZpWGVt9KnlowN2SuOWXvH 0enIeHDR1S+T27mprirdgKKGjZadG21+JPO9xOxDzqfag6uoHlEVWPxDNHYlL+dq f8HYIOZIEnCKS8Tw7BYPt2t1WGaFwXGISJ8yl+rxmzY8oBt7eHcnLw== =j+VR -----END PGP SIGNATURE-----