Title: [CAID 34818]: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities CA Vuln ID (CAID): 34818 CA Advisory Date: 2007-01-22 Discovered By: Reverse Mode Impact: Local attacker can gain escalated privileges. Summary: Multiple vulnerabilities have been discovered in CA Personal Firewall drivers. The vulnerabilities are due to errors in the HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys) drivers. Local attackers can exploit these vulnerabilities to gain escalated privileges. Mitigating Factors: Local user account required for exploitation. Severity: CA has given these vulnerability issues a Medium risk rating. Affected Products: CA Personal Firewall 2007 (v9.0) Engine version 1.0.173 and below CA Internet Security Suite 2007 (v3.0) with CA Personal Firewall 2007 (v9.0) Engine version 1.0.173 and below Affected platforms: Microsoft Windows Status and Recommendation: CA has addressed this issue by providing a new automatic update on January 22, 2007. Customers running one of the affected products simply need to ensure that they have allowed this automatic update to take place. Determining if you are affected: To ensure that the update has taken place, customers can view the Help > About screen in their CA Personal Firewall product and confirm that their engine version number is 1.0.176 or higher. References (URLs may wrap): CA SupportConnect: http://supportconnect.ca.com/ CA Consumer Support Knowledge Document for this vulnerability: Medium Risk CA Personal Firewall Vulnerability - Multiple Privilege Escalation Vulnerabilities http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=2680 Solution Document Reference APARs: N/A CA Security Advisor posting: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97729 CAID: 34818 CAID Advisory link: http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34818 Discoverer: Reverse Mode http://www.reversemode.com/index.php?option=com_content&task=view&id=27&Itemid=2 CVE Reference: CVE-2006-6952 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6952 OSVDB References: OSVDB ID: 30497, 30498 http://osvdb.org/30497 http://osvdb.org/30498 Other References: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities. http://marc.theaimsgroup.com/?l=bugtraq&m=116379521731676&w=2 Changelog for this advisory: v1.0 - Initial Release Customers who require additional information should contact CA Technical Support at http://supportconnect.ca.com. For technical questions or comments related to this advisory, please send email to vuln@ca.com. If you discover a vulnerability in CA products, please report your findings to vuln@ca.com, or utilize our "Submit a Vulnerability" form. URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research CA, One CA Plaza, Islandia, NY 11749 Contact http://www3.ca.com/contact/ Legal Notice http://www3.ca.com/legal/ Privacy Policy http://www3.ca.com/privacy/ Copyright (c) 2007 CA. All rights reserved.