Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Security App Flaws :: b06-5854.htm

Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.



Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.
Computer Associates HIPS Drivers - multiple local privilege escalation vulnerabilities.




Computer Associates "Host Intrusion Prevention System" Engine Drivers
are prone to multiple local privilege escalation vulnerabilities.
Unprivileged users can take advantage of these flaws in order to execute
arbitrary code with kernel privileges.

Two drivers are affected, kmxstart.sys and kmxfw.sys. These drivers hook
TDI and NDIS. Using a couple of privileged IOCTLs, unprivileged users
can overwrite several function pointers within these drivers.

Vendor was notified. No response received.
State: Unpatched.
Products affected: CA Internet Security, CA Personal Firewall...

Advisory
http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=38 

Driver: kmxfw.sys Version: 6.5.4.31
Exploit #1
http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=39 

Driver: kmxstart.sys Version: 6.5.4.10
Exploit #2
http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=40 

Greets,
Rub=E9n Santamarta

-------------------
www.reversemode.com 
Advanced Reverse Engineering Services


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH