| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <48A1E829.8020101@trapkit.de>
Date: Tue, 12 Aug 2008 21:44:41 +0200
From: Tobias Klein <tk@...pkit.de>
To: bugtraq@...urityfocus.com
Cc: full-disclosure@...ts.grok.org.uk
Subject: [TKADV2008-006] CA HIPS KmxFw.sys Kernel Memory
Corruption
The kernel driver KmxFw.sys shipped with various CA products contains a
vulnerability in the code that handles IOCTL requests. Exploitation of
this vulnerability can result in:
1) local denial of service attacks (system crash due to a kernel panic),
or
2) local execution of arbitrary code at the kernel level (complete
system compromise)
A full technical description can be found in the advisory available at:
http://www.trapkit.de/advisories/TKADV2008-006.txt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists