| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <649CDCB56C88AA458EFF2CBF494B62040B3682C7@USILMS12.ca.com> Date: Thu, 24 Feb 2011 23:20:07 -0500 From: "Williams, James K" <James.Williams@...com> To: <bugtraq@...urityfocus.com> Subject: CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System CA20110223-01: Security Notice for CA Host-Based Intrusion Prevention System Issued: February 23, 2011 Updated: February 24, 2011 CA Technologies support is alerting customers to a security risk associated with CA Host-Based Intrusion Prevention System (HIPS). A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA Technologies has issued patches to address the vulnerability. The vulnerability, CVE-2011-1036, is due to insecure method implementation in the XMLSecDB ActiveX control that is utilized in CA HIPS components and products. A remote attacker can potentially execute arbitrary code if he can trick a user into visiting a malicious web page or opening a malicious file. Risk Rating Medium Platform Windows Affected Products CA Host-Based Intrusion Prevention System (HIPS) r8.1 CA Internet Security Suite (ISS) 2010 CA Internet Security Suite (ISS) 2011 How to determine if the installation is affected HIPS Management Server is vulnerable if the version number is less than 8.1.0.88. HIPS client sources are vulnerable if the build number is less than 1.6.450. CA Internet Security Suite (ISS) 2010 is vulnerable if the ISS product version is equal to or less than 6.0.0.285 and the HIPS version is equal to or less than 1.6.384. CA Internet Security Suite (ISS) 2011 is vulnerable if the ISS product version is equal to or less than 7.0.0.115 and the HIPS version is equal to or less than 1.6.418. Older versions of HIPS and ISS, that are no longer supported, may also be vulnerable. Solution CA has issued the following patches to address the vulnerability. CA Host-Based Intrusion Prevention System (HIPS) r8.1: RO26950 Apply RO26950 and set the DWORD "ProtectParser" under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UmxCfg to "1". You do not need to restart the client. CA Internet Security Suite (ISS) 2010: Fix information will be published soon. CA Internet Security Suite (ISS) 2011: Fix information will be published soon. References CVE-2011-1036 - CA HIPS XMLSecDB ActiveX control insecure methods Acknowledgement Andrea Micalizzi aka rgod, via TippingPoint ZDI Change History Version 1.0: Initial Release Version 1.5: Added ISS 2011 to list of affected products. Added instructions for determining if ISS is affected. If additional information is required, please contact CA Technologies Support at https://support.ca.com. If you discover a vulnerability in a CA Technologies product, please report your findings to the CA Technologies Product Vulnerability Response Team. support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782 Thanks and regards, Ken Williams, Director ca technologies Product Vulnerability Response Team ca technologies Business Unit Operations wilja22@...com
Powered by blists - more mailing lists