Bugtraq mailing list archives
RE: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.
From: "Williams, James K" <James.Williams () ca com>
Date: Tue, 21 Nov 2006 18:49:56 -0500
-----Original Message----- From: Reversemode [mailto:advisories () reversemode com] Sent: Thursday, November 16, 2006 11:15 AM To: Securityfocus Subject: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities. Computer Associates "Host Intrusion Prevention System" Engine Drivers are prone to multiple local privilege escalation vulnerabilities. Unprivileged users can take advantage of these flaws in order to execute arbitrary code with kernel privileges. Two drivers are affected, kmxstart.sys and kmxfw.sys. These drivers hook TDI and NDIS.
[...snip...] Rubén, Reversemode, Thanks for the report. Bugtraq, CA has been aware of this issue since 2006-11-16, and we are currently working on a solution. If you have questions or concerns, please send email to vuln AT ca DOT com. Regards, Ken Ken Williams ; 0xE2941985 Director, CA Vulnerability Research W: 816.686.8742 ; M: 816.914.4225
Current thread:
- [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities. Reversemode (Nov 17)
- RE: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities. Williams, James K (Nov 21)