lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 24 Jan 2007 18:39:27 -0500
From: "Williams, James K" <>
To: <>
Subject: [CAID 34818]: CA Personal Firewall Multiple Privilege Escalation Vulnerabilities

Title: [CAID 34818]: CA Personal Firewall Multiple Privilege 
Escalation Vulnerabilities

CA Vuln ID (CAID): 34818

CA Advisory Date: 2007-01-22

Discovered By: Reverse Mode

Impact: Local attacker can gain escalated privileges.

Summary: Multiple vulnerabilities have been discovered in CA 
Personal Firewall drivers. The vulnerabilities are due to errors 
in the HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys) 
drivers. Local attackers can exploit these vulnerabilities to gain 
escalated privileges.

Mitigating Factors: Local user account required for exploitation.

Severity: CA has given these vulnerability issues a Medium risk 

Affected Products:
CA Personal Firewall 2007 (v9.0) Engine version 1.0.173 and below
CA Internet Security Suite 2007 (v3.0) with CA Personal Firewall 
   2007 (v9.0) Engine version 1.0.173 and below 

Affected platforms:
Microsoft Windows

Status and Recommendation: 
CA has addressed this issue by providing a new automatic update on 
January 22, 2007. Customers running one of the affected products 
simply need to ensure that they have allowed this automatic update 
to take place.

Determining if you are affected:
To ensure that the update has taken place, customers can view the 
Help > About screen in their CA Personal Firewall product and 
confirm that their engine version number is 1.0.176 or higher.

References (URLs may wrap): 
CA SupportConnect:
CA Consumer Support Knowledge Document for this vulnerability:
Medium Risk CA Personal Firewall Vulnerability - Multiple 
Privilege Escalation Vulnerabilities
Solution Document Reference APARs: 
CA Security Advisor posting:
CA Personal Firewall Multiple Privilege Escalation Vulnerabilities
CAID: 34818
CAID Advisory link:
Discoverer: Reverse Mode
CVE Reference: CVE-2006-6952
OSVDB References: OSVDB ID: 30497, 30498
Other References:
[Reversemode advisory] Computer Associates HIPS Drivers - multiple 
local privilege escalation vulnerabilities.

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA 
Technical Support at

For technical questions or comments related to this advisory,
please send email to

If you discover a vulnerability in CA products, please report
your findings to, or utilize our "Submit a 
Vulnerability" form.

Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, One CA Plaza, Islandia, NY 11749
Legal Notice
Privacy Policy
Copyright (c) 2007 CA. All rights reserved.

Powered by blists - more mailing lists