exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CA Security Advisory 34818

CA Security Advisory 34818
Posted Jan 27, 2007
Authored by Ken Williams, Computer Associates | Site www3.ca.com

Multiple vulnerabilities have been discovered in CA Personal Firewall drivers. The vulnerabilities are due to errors in the HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys) drivers. Local attackers can exploit these vulnerabilities to gain escalated privileges.

tags | advisory, local, vulnerability
advisories | CVE-2006-6952
SHA-256 | 02589667c3f2bd1a0335ba0b442c8b18de4508cda0b0bb4a915da330839058a7

CA Security Advisory 34818

Change Mirror Download

Title: [CAID 34818]: CA Personal Firewall Multiple Privilege
Escalation Vulnerabilities

CA Vuln ID (CAID): 34818

CA Advisory Date: 2007-01-22

Discovered By: Reverse Mode

Impact: Local attacker can gain escalated privileges.

Summary: Multiple vulnerabilities have been discovered in CA
Personal Firewall drivers. The vulnerabilities are due to errors
in the HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys)
drivers. Local attackers can exploit these vulnerabilities to gain
escalated privileges.

Mitigating Factors: Local user account required for exploitation.

Severity: CA has given these vulnerability issues a Medium risk
rating.

Affected Products:
CA Personal Firewall 2007 (v9.0) Engine version 1.0.173 and below
CA Internet Security Suite 2007 (v3.0) with CA Personal Firewall
2007 (v9.0) Engine version 1.0.173 and below

Affected platforms:
Microsoft Windows

Status and Recommendation:
CA has addressed this issue by providing a new automatic update on
January 22, 2007. Customers running one of the affected products
simply need to ensure that they have allowed this automatic update
to take place.

Determining if you are affected:
To ensure that the update has taken place, customers can view the
Help > About screen in their CA Personal Firewall product and
confirm that their engine version number is 1.0.176 or higher.

References (URLs may wrap):
CA SupportConnect:
http://supportconnect.ca.com/
CA Consumer Support Knowledge Document for this vulnerability:
Medium Risk CA Personal Firewall Vulnerability - Multiple
Privilege Escalation Vulnerabilities
http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=2680
Solution Document Reference APARs:
N/A
CA Security Advisor posting:
CA Personal Firewall Multiple Privilege Escalation Vulnerabilities
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97729
CAID: 34818
CAID Advisory link:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34818
Discoverer: Reverse Mode
http://www.reversemode.com/index.php?option=com_content&task=view&id=27&Itemid=2
CVE Reference: CVE-2006-6952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6952
OSVDB References: OSVDB ID: 30497, 30498
http://osvdb.org/30497
http://osvdb.org/30498
Other References:
[Reversemode advisory] Computer Associates HIPS Drivers - multiple
local privilege escalation vulnerabilities.
http://marc.theaimsgroup.com/?l=bugtraq&m=116379521731676&w=2

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA
Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory,
please send email to vuln@ca.com.

If you discover a vulnerability in CA products, please report
your findings to vuln@ca.com, or utilize our "Submit a
Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx


Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, One CA Plaza, Islandia, NY 11749

Contact http://www3.ca.com/contact/
Legal Notice http://www3.ca.com/legal/
Privacy Policy http://www3.ca.com/privacy/
Copyright (c) 2007 CA. All rights reserved.
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close