
Vulnerability Detail

CA HIPS kmxfw.sys IOCTL requests arbitrary code execution vulnerability

Date Discovered:
11 Aug 2008

Date Published:
12 Aug 2008

Last Updated:
12 Aug 2008

Threat Assessment

Overall Risk:  Medium
Popularity:  Medium
Impact:  High
Simplicity:  Low

Characteristics

Vulnerability ID:  36559
Discovered By:  Tobias Klein

Exploitable Locally:  Yes
Exploitable Remotely:  No

Impact:  A local attacker can cause a system crash or potentially execute arbitrary code.

Root Cause:  Software Vulnerability

 

Description

CA HIPS contains a vulnerability that can allow a local attacker to cause a system crash or potentially execute arbitrary code. The vulnerability is due to insufficient verification of IOCTL requests by the kmxfw.sys driver. An attacker can send an IOCTL request to cause a system crash or potentially execute arbitrary code.


Recommendations



-------------------------------------------------------------------------------
For: CA Host-Based Intrusion Prevention System r8, CA Internet Security Suite 2007, CA Internet Security Suite 2008, CA Personal Firewall 2007, CA Personal Firewall 2008

Please install the following updates:

CA Host-Based Intrusion Prevention System r8:
=============================================

https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=RO00535&actionID=4



CA Internet Security Suite r3, r4 and CA Personal Firewall 2007, 2008:
======================================================================

- Ensure the latest engine is installed by using the built-in update mechanism.
- CA Personal Firewall Engine 1.2.276 and later are not affected.
- To ensure that the latest automatic update is installed on your computer, view the Help => About screen in your CA Personal Firewall product and confirm that the engine version number is 1.2.276 or higher.


Affected Technologies

Computer Associates: CA Host-Based Intrusion Prevention System r8
Computer Associates: CA Internet Security Suite 2007
Computer Associates: CA Internet Security Suite 2008
Computer Associates: CA Personal Firewall 2007
Computer Associates: CA Personal Firewall 2008


References

CA:contentID:182496
Mitre CVE: CVE-2008-2926
