TITLE:
Unicenter Remote Control Arbitrary URC Management Server Access Vulnerability

SECUNIA ADVISORY ID:
SA13311

VERIFY ADVISORY:
http://secunia.com/advisories/13311/

CRITICAL:
Less critical

IMPACT:
Security Bypass

WHERE:
From local network

SOFTWARE:
CA Unicenter Remote Control 6.x
http://secunia.com/product/2622/

DESCRIPTION:
A vulnerability has been reported in Unicenter Remote Control (URC), which can be exploited by malicious users to access arbitrary URC Management Servers.

The vulnerability is caused by an unspecified error in the URC Management Console that allows users to connect to another URC Management Server and make arbitrary configuration changes on the systems managed by that server.

Successful exploitation reportedly requires that the user has been authenticated by the underlying OS.

The vulnerability affects the following versions:
* Unicenter Remote Control 6.0 English Service Pack 1 (Build 6.0.77)
* Unicenter Remote Control 6.0 English QO48974 (Build 6.0.74)
* Unicenter Remote Control 6.0 English GA (6.0.56.3)
* Unicenter Remote Control 6.0 French Service Pack 1 (Build 6.0.77)
* Unicenter Remote Control 6.0 French GA (Build 6.0.74)
* Unicenter Remote Control 6.0 German Service Pack 1 (Build 6.0.77)
* Unicenter Remote Control 6.0 German GA (Build 6.0.74)

SOLUTION:
Apply patches (see the vendor advisory for more information).

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.

ORIGINAL ADVISORY:
http://supportconnectw.ca.com/public/rco_controlit/infodocs/securitynotice.asp