RE: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.
From: "Williams, James K" <James.Williams@xxxxxx>
Date: Tue, 21 Nov 2006 18:49:56 -0500
In-reply-to: <455C9CA3.3050007@xxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AccNx7+M4T2xnEijT4WCyCO4Uko9qw==
Thread-topic: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.

> -----Original Message-----
> From: Reversemode [mailto:advisories@xxxxxxxxxxxxxxx] 
> Sent: Thursday, November 16, 2006 11:15 AM
> To: Securityfocus
> Subject: [Reversemode advisory] Computer Associates HIPS 
> Drivers - multiple local privilege escalation vulnerabilities. 
> 
> 
> Computer Associates "Host Intrusion Prevention System" Engine Drivers
> are prone to multiple local privilege escalation vulnerabilities.
> Unprivileged users can take advantage of these flaws in order 
> to execute arbitrary code with kernel privileges.
> 
> Two drivers are affected, kmxstart.sys and kmxfw.sys. These 
> drivers hook TDI and NDIS. 

[...snip...]

Rubén, Reversemode,
Thanks for the report.

Bugtraq,
CA has been aware of this issue since 2006-11-16, 
and we are currently working on a solution.  If you
have questions or concerns, please send email to 
vuln AT ca DOT com.

Regards,
Ken

Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
W: 816.686.8742 ; M: 816.914.4225

References:
- [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.
  - From: Reversemode

Prev by Date: Advisory: Seditio <= 1.10 Remote SQL Injection Vulnerability.
Next by Date: VMSA-2006-0010 - SSL sessions not authenticated by VC Clients
Previous by thread: [Reversemode advisory] Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.
Next by thread: igital Armaments November-Decemberr Hacking Challenge: KERNEL Remote
Index(es):
- Date
- Thread