Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2926

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2008-2926
Last Modified 07 Mar 2011 10:09:57
Published 12 Aug 2008 07:41:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2008-2926

Summary

The kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, does not properly verify IOCTL requests, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted request.

Vulnerable Systems

Application

  • Ca Host Based Intrusion Prevention System R8

  • Ca Internet Security Suite 2008

  • Ca Internet Security Suite 3.0

  • Ca Personal Firewall 2007

  • Ca Personal Firewall 2008


References

SECUNIA - 31434

XF - ca-kmxfw-privilege-escalation(44392)

VUPEN - ADV-2008-2339

SECTRACK - 1020660

SECTRACK - 1020659

SECTRACK - 1020658

BID - 30651

BUGTRAQ - 20080812 CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities

CONFIRM - http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559


Last Updated: 27 May 2016 10:48:02