Computer Associates 'kmxfw.sys' Local Code Execution and Remote Denial of Service Vulnerabilities
BID:30651
Info
Computer Associates 'kmxfw.sys' Local Code Execution and Remote Denial of Service Vulnerabilities
| Bugtraq ID: | 30651 |
| Class: | Unknown |
| CVE: |
CVE-2008-3174 CVE-2008-2926 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Aug 11 2008 12:00AM |
| Updated: | Aug 25 2008 10:25PM |
| Credit: | Tobias Klein, Elazar Broad |
| Vulnerable: |
Computer Associates Personal Firewall 2008 Computer Associates Personal Firewall 2007 Computer Associates Internet Security Suite 2008 0 Computer Associates Internet Security Suite 2007 0 Computer Associates Host-Based Intrusion Prevention System r8 |
| Not Vulnerable: |
Computer Associates Personal Firewall Engine 1.2.276 |
Discussion
Computer Associates 'kmxfw.sys' Local Code Execution and Remote Denial of Service Vulnerabilities
Computer Associates products are prone to two vulnerabilities.
Attackers may exploit the first vulnerability locally to execute arbitrary code with SYSTEM-level privileges or cause a system crash. Attackers may exploit the second vulnerability remotely to cause denial-of-service conditions.
Successful attacks will completely compromise the computer or cause denial-of-service conditions.
The following products are affected:
Computer Associates Host-Based Intrusion Prevention System r8
Computer Associates Internet Security Suite 2007
Computer Associates Internet Security Suite 2008
Computer Associates Personal Firewall 2007
Computer Associates Personal Firewall 2008
Computer Associates products are prone to two vulnerabilities.
Attackers may exploit the first vulnerability locally to execute arbitrary code with SYSTEM-level privileges or cause a system crash. Attackers may exploit the second vulnerability remotely to cause denial-of-service conditions.
Successful attacks will completely compromise the computer or cause denial-of-service conditions.
The following products are affected:
Computer Associates Host-Based Intrusion Prevention System r8
Computer Associates Internet Security Suite 2007
Computer Associates Internet Security Suite 2008
Computer Associates Personal Firewall 2007
Computer Associates Personal Firewall 2008
Exploit / POC
Computer Associates 'kmxfw.sys' Local Code Execution and Remote Denial of Service Vulnerabilities
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Computer Associates 'kmxfw.sys' Local Code Execution and Remote Denial of Service Vulnerabilities
Solution:
The vendor has released fixes to address these issues. Please see the references for more information.
Computer Associates Host-Based Intrusion Prevention System r8
Solution:
The vendor has released fixes to address these issues. Please see the references for more information.
Computer Associates Host-Based Intrusion Prevention System r8
-
Computer Associates RO00535.CAZ
FTP://ftp.ca.com/CAproducts/unicenter/CAHIPS/nt/0703/RO00535.CAZ
References
Computer Associates 'kmxfw.sys' Local Code Execution and Remote Denial of Service Vulnerabilities
References:
References:
- CA HIPS KmxFw.sys Kernel Memory Corruption (Tobias Klein)
- Computer Associates Homepage (Computer Associates)
- [TKADV2008-006] CA HIPS KmxFw.sys Kernel Memory Corruption (Tobias Klein
- CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities ("Williams, James K"
- CA HIPS kmxfw.sys driver denial of service vulnerability (Computer Associates)
- CA HIPS kmxfw.sys IOCTL requests arbitrary code execution vulnerability (Computer Associates)