Denial of Service : CA kmxfw.sys Code Execution and DoS Vulnerabilities

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 146377 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.900202

Kategorie: Denial of Service

Titel: CA kmxfw.sys Code Execution and DoS Vulnerabilities

Zusammenfassung: CA Product(s) are prone to local code execution and denial of service (DoS); vulnerabilities.

Beschreibung: Summary:
CA Product(s) are prone to local code execution and denial of service (DoS)
vulnerabilities.

Vulnerability Insight:
Multiple flaws exist due to insufficient verification/validation of IOCTL
requests by the kmxfw.sys driver.

Vulnerability Impact:
A remote/local user can cause denial of service conditions or
execute arbitrary code by sending a specially crafted IOCTL requests.

Affected Software/OS:
CA Internet Security Suite 2007 (v3.2) with CA Personal Firewall 2007 (v9.1) Engine version 1.2.260 and below

CA Internet Security Suite 2008 (v4.0) with CA Personal Firewall 2008 (v10.0) Engine version 1.2.260 and below

CA Personal Firewall 2007 (v9.1) with Engine version 1.2.260 and below

CA Personal Firewall 2008 (v10.0) with Engine version 1.2.260 and below

CA Host-Based Intrusion Prevention System r8

Solution:
Ensure the latest engine is installed by using the built-in update
mechanism and for Host-Based Intrusion Prevention System.

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-2926
BugTraq ID: 30651
http://www.securityfocus.com/bid/30651
Bugtraq: 20080812 CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities (Google Search)
http://www.securityfocus.com/archive/1/495397/100/0/threaded
http://www.securitytracker.com/id?1020658
http://www.securitytracker.com/id?1020659
http://www.securitytracker.com/id?1020660
http://secunia.com/advisories/31434
http://www.vupen.com/english/advisories/2008/2339
XForce ISS Database: ca-kmxfw-privilege-escalation(44392)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44392

Copyright Copyright (C) 2008 Greenbone AG

Dies ist nur einer von 146377 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.900202
Kategorie:	Denial of Service
Titel:	CA kmxfw.sys Code Execution and DoS Vulnerabilities
Zusammenfassung:	CA Product(s) are prone to local code execution and denial of service (DoS); vulnerabilities.
Beschreibung:	Summary: CA Product(s) are prone to local code execution and denial of service (DoS) vulnerabilities. Vulnerability Insight: Multiple flaws exist due to insufficient verification/validation of IOCTL requests by the kmxfw.sys driver. Vulnerability Impact: A remote/local user can cause denial of service conditions or execute arbitrary code by sending a specially crafted IOCTL requests. Affected Software/OS: CA Internet Security Suite 2007 (v3.2) with CA Personal Firewall 2007 (v9.1) Engine version 1.2.260 and below CA Internet Security Suite 2008 (v4.0) with CA Personal Firewall 2008 (v10.0) Engine version 1.2.260 and below CA Personal Firewall 2007 (v9.1) with Engine version 1.2.260 and below CA Personal Firewall 2008 (v10.0) with Engine version 1.2.260 and below CA Host-Based Intrusion Prevention System r8 Solution: Ensure the latest engine is installed by using the built-in update mechanism and for Host-Based Intrusion Prevention System. CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-2926 BugTraq ID: 30651 http://www.securityfocus.com/bid/30651 Bugtraq: 20080812 CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities (Google Search) http://www.securityfocus.com/archive/1/495397/100/0/threaded http://www.securitytracker.com/id?1020658 http://www.securitytracker.com/id?1020659 http://www.securitytracker.com/id?1020660 http://secunia.com/advisories/31434 http://www.vupen.com/english/advisories/2008/2339 XForce ISS Database: ca-kmxfw-privilege-escalation(44392) https://exchange.xforce.ibmcloud.com/vulnerabilities/44392
Copyright	Copyright (C) 2008 Greenbone AG