Technical Description

Two vulnerabilities have been identified in various CA products, which could be exploited by attackers or malicious users to gain elevated privileges or cause a denial of service.

The first issue is caused by an input validation error in the "kmxfw.sys" driver when processing user-supplied data, which could be exploited by unprivileged users to cause a system crash or execute arbitrary code with kernel privileges via a specially crafted IOCTL request.

The second vulnerability is caused by an unspecified input validation error in the "kmxfw.sys" driver, which could allow attackers to cause a denial of service condition.

Affected Products

CA Host-Based Intrusion Prevention System r8
CA Internet Security Suite 2007
CA Internet Security Suite 2008
CA Personal Firewall 2007
CA Personal Firewall 2008

Solution

Apply patch for CA Host-Based Intrusion Prevention System r8 :
https://support.ca.com/irj/portal/anonymous/SolutionResults?aparNo=RO00535&actionID=4

CA Internet Security Suite r3, r4 and CA Personal Firewall 2007, 2008 : Upgrade to engine version 1.2.276 or later via the built-in update mechanism.

References

http://www.vupen.com/english/advisories/2008/2339
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36560

Credits

Vulnerabilities reported by Tobias Klein and Elazar Broad.

ChangeLog

2008-08-12 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.