what you don't know can hurt you

CA HIPS Arbitrary Code Execution

CA HIPS Arbitrary Code Execution
Posted Feb 25, 2011
Authored by Ken Williams | Site www3.ca.com

CA Technologies support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention System (HIPS). A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerability. The vulnerability is due to insecure method implementation in the XMLSecDB ActiveX control that is utilized in CA HIPS components and products. A remote attacker can potentially execute arbitrary code if he can trick a user into visiting a malicious web page or opening a malicious file. Versions prior to 8.1.0.88 are affected.

tags | advisory, remote, web, arbitrary, activex
advisories | CVE-2011-1036
MD5 | 9551ac86c08c1110bdce359f65859c95

CA HIPS Arbitrary Code Execution

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention
System

Issued: February 23, 2011
Updated: February 24, 2011


CA Technologies support is alerting customers to a security risk
associated with CA Host-Based Intrusion Prevention System (HIPS). A
vulnerability exists that can allow a remote attacker to execute
arbitrary code. CA Technologies has issued patches to address the
vulnerability.

The vulnerability, CVE-2011-1036, is due to insecure method
implementation in the XMLSecDB ActiveX control that is utilized in CA
HIPS components and products. A remote attacker can potentially execute
arbitrary code if he can trick a user into visiting a malicious web
page or opening a malicious file.


Risk Rating
Medium


Platform
Windows


Affected Products
CA Host-Based Intrusion Prevention System (HIPS) r8.1
CA Internet Security Suite (ISS) 2010
CA Internet Security Suite (ISS) 2011


How to determine if the installation is affected
HIPS Management Server is vulnerable if the version number is less than
8.1.0.88.

HIPS client sources are vulnerable if the build number is less than
1.6.450.

CA Internet Security Suite (ISS) 2010 is vulnerable if the ISS product
version is equal to or less than 6.0.0.285 and the HIPS version is
equal to or less than 1.6.384.

CA Internet Security Suite (ISS) 2011 is vulnerable if the ISS product
version is equal to or less than 7.0.0.115 and the HIPS version is
equal to or less than 1.6.418.

Older versions of HIPS and ISS, that are no longer supported, may also
be vulnerable.


Solution

CA has issued the following patches to address the vulnerability.

CA Host-Based Intrusion Prevention System (HIPS) r8.1:
RO26950
Apply RO26950 and set the DWORD "ProtectParser" under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UmxCfg to "1". You
do not need to restart the client.

CA Internet Security Suite (ISS) 2010:
Fix information will be published soon.

CA Internet Security Suite (ISS) 2011:
Fix information will be published soon.


References

CVE-2011-1036 - CA HIPS XMLSecDB ActiveX control insecure methods


Acknowledgement

Andrea Micalizzi aka rgod, via TippingPoint ZDI


Change History

Version 1.0: Initial Release
Version 1.5: Added ISS 2011 to list of affected products. Added
instructions for determining if ISS is affected.


If additional information is required, please contact CA Technologies
Support at https://support.ca.com.

If you discover a vulnerability in a CA Technologies product, please
report your findings to the CA Technologies Product Vulnerability
Response Team.
support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782


Thanks and regards,
Ken Williams, Director
ca technologies Product Vulnerability Response Team
ca technologies Business Unit Operations
wilja22@ca.com

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.9.1 (Build 287)
Charset: utf-8

wj8DBQFNZypeeSWR3+KUGYURAmbuAJ9tD5x666uOpX6ia6ksu4rdnksyggCfSwCn
kb1ylRiLIRzRg3j1VygjImQ=
=M+5z
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

September 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    1 Files
  • 2
    Sep 2nd
    38 Files
  • 3
    Sep 3rd
    30 Files
  • 4
    Sep 4th
    15 Files
  • 5
    Sep 5th
    12 Files
  • 6
    Sep 6th
    17 Files
  • 7
    Sep 7th
    3 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    24 Files
  • 10
    Sep 10th
    22 Files
  • 11
    Sep 11th
    22 Files
  • 12
    Sep 12th
    15 Files
  • 13
    Sep 13th
    5 Files
  • 14
    Sep 14th
    2 Files
  • 15
    Sep 15th
    1 Files
  • 16
    Sep 16th
    11 Files
  • 17
    Sep 17th
    16 Files
  • 18
    Sep 18th
    8 Files
  • 19
    Sep 19th
    14 Files
  • 20
    Sep 20th
    20 Files
  • 21
    Sep 21st
    3 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close