Bugtraq mailing list archives

RE: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.

From: "Williams, James K" <James.Williams () ca com>
Date: Tue, 21 Nov 2006 18:49:56 -0500

-----Original Message-----
From: Reversemode [mailto:advisories () reversemode com] 
Sent: Thursday, November 16, 2006 11:15 AM
To: Securityfocus
Subject: [Reversemode advisory] Computer Associates HIPS 
Drivers - multiple local privilege escalation vulnerabilities. 

Computer Associates "Host Intrusion Prevention System" Engine Drivers
are prone to multiple local privilege escalation vulnerabilities.
Unprivileged users can take advantage of these flaws in order 
to execute arbitrary code with kernel privileges.

Two drivers are affected, kmxstart.sys and kmxfw.sys. These 
drivers hook TDI and NDIS.


[...snip...]

Rubén, Reversemode,
Thanks for the report.

Bugtraq,
CA has been aware of this issue since 2006-11-16, 
and we are currently working on a solution.  If you
have questions or concerns, please send email to 
vuln AT ca DOT com.

Regards,
Ken

Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
W: 816.686.8742 ; M: 816.914.4225

Current thread:

[Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities. Reversemode (Nov 17)
- RE: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities. Williams, James K (Nov 21)