[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <455C9CA3.3050007@reversemode.com>
Date: Thu, 16 Nov 2006 18:15:15 +0100
From: Reversemode <advisories@...ersemode.com>
To: Securityfocus <bugtraq@...urityfocus.com>
Subject: [Reversemode advisory] Computer Associates HIPS Drivers - multiple
local privilege escalation vulnerabilities.
Computer Associates "Host Intrusion Prevention System" Engine Drivers
are prone to multiple local privilege escalation vulnerabilities.
Unprivileged users can take advantage of these flaws in order to execute
arbitrary code with kernel privileges.
Two drivers are affected, kmxstart.sys and kmxfw.sys. These drivers hook
TDI and NDIS. Using a couple of privileged IOCTLs, unprivileged users
can overwrite several function pointers within these drivers.
Vendor was notified. No response received.
State: Unpatched.
Products affected: CA Internet Security, CA Personal Firewall...
Advisory
http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=38
Driver: kmxfw.sys Version: 6.5.4.31
Exploit #1
http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=39
Driver: kmxstart.sys Version: 6.5.4.10
Exploit #2
http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=40
Greets,
Rubén Santamarta
-------------------
www.reversemode.com
Advanced Reverse Engineering Services
Powered by blists - more mailing lists