BugTraq
[Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities. Nov 16 2006 05:15PM
Reversemode (advisories reversemode com) (1 replies)
RE: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities. Nov 21 2006 11:49PM
Williams, James K (James Williams ca com)

> -----Original Message-----
> From: Reversemode [mailto:advisories (at) reversemode (dot) com [email concealed]]
> Sent: Thursday, November 16, 2006 11:15 AM
> To: Securityfocus
> Subject: [Reversemode advisory] Computer Associates HIPS
> Drivers - multiple local privilege escalation vulnerabilities.
>
>
> Computer Associates "Host Intrusion Prevention System" Engine Drivers
> are prone to multiple local privilege escalation vulnerabilities.
> Unprivileged users can take advantage of these flaws in order
> to execute arbitrary code with kernel privileges.
>
> Two drivers are affected, kmxstart.sys and kmxfw.sys. These
> drivers hook TDI and NDIS.

[...snip...]

Rubén, Reversemode,
Thanks for the report.

Bugtraq,
CA has been aware of this issue since 2006-11-16,
and we are currently working on a solution. If you
have questions or concerns, please send email to
vuln AT ca DOT com.

Regards,
Ken

Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
W: 816.686.8742 ; M: 816.914.4225

[ reply ]
 

Privacy Statement
Copyright 2010, SecurityFocus