ID

VAR-200808-0291


CVE

CVE-2008-3174


TITLE

Denial-of-service (DoS) vulnerability in the kmxfw.sys driver of CA HIPS, as used in CA Internet Security Suite and other products

Trust: 0.8

sources: JVNDB: JVNDB-2008-003251

DESCRIPTION

Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to "insufficient validation." A vulnerability exists that leads to a denial-of-service (DoS) condition. A third party may cause a denial-of-service (DoS) condition.

Computer Associates products are prone to two vulnerabilities. Attackers may exploit the first vulnerability locally to execute arbitrary code with SYSTEM-level privileges or cause a system crash. Attackers may exploit the second vulnerability remotely to cause denial-of-service conditions. Successful attacks will completely compromise the computer or cause denial-of-service conditions.

There is an unknown vulnerability in the kmxfw.sys driver in CA HIPS r8.

2) An unspecified error in the kmxfw.sys driver can be exploited to cause a DoS.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) Tobias Klein
2) Elazar Broad

ORIGINAL ADVISORY:
CA:
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559
http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36560

CA has issued updates to address the vulnerabilities. The first vulnerability, CVE-2008-2926, occurs due to insufficient verification of IOCTL requests by the kmxfw.sys driver. The second vulnerability, CVE-2008-3174, occurs due to insufficient validation by the kmxfw.sys driver. An attacker can make a request that can cause a system crash.

Mitigating Factors: None

Severity: CA has given these vulnerabilities a Medium risk rating.

CA Personal Firewall Engine 1.2.276 and later are not affected. To ensure that the latest automatic update is installed on your computer, customers can view the Help>About screen in their CA Personal Firewall product and confirm that the engine version number is 1.2.276 or higher. For support information, visit http://shop.ca.com/support.

How to determine if you are affected:

1. Using Windows Explorer, locate the file "kmxfw.sys". By default, the file is located in the "C:\Windows\system32\drivers\" directory.
2. Right click on the file and select Properties.
3. Select the General tab.
4. If the file version is less than indicated in the below table, the installation is vulnerable.

File Name    Version     Size (bytes)    Date
kmxfw.sys    6.5.5.18    115,216         March 14, 2008

Workaround: None

References (URLs may wrap):

CA Support:
http://support.ca.com/

Security Notice for CA Host-Based Intrusion Prevention System SDK
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=182496

Solution Document Reference APARs: RO00535

CA Security Response Blog posting:
CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities
community.ca.com/blogs/casecurityresponseblog/archive/2008/08/12.aspx

Reported By:
Tobias Klein (CVE-2008-2926) http://www.trapkit.de/
Elazar Broad (CVE-2008-3174)

CVE References:
CVE-2008-2926 - CA HIPS kmxfw.sys IOCTL
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2926
CVE-2008-3174 - CA HIPS kmxfw.sys denial of service
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3174

OSVDB References: Pending
http://osvdb.org/

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA Technical Support at http://support.ca.com.

For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.

If you discover a vulnerability in CA products, please report your findings to our product security response team.
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782

Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749

Copyright (c) 2008 CA. All rights reserved.

Trust: 2.16

sources: NVD: CVE-2008-3174 // JVNDB: JVNDB-2008-003251 // BID: 30651 // VULHUB: VHN-33299 // PACKETSTORM: 68975 // PACKETSTORM: 69034

AFFECTED PRODUCTS

vendor: computer associates // model: host based intrusion prevention system // scope: eq // version: r8

Trust: 1.6

vendor: computer associates // model: internet security suite // scope: eq // version: 2007

Trust: 1.6

vendor: computer associates // model: personal firewall // scope: eq // version: 2007

Trust: 1.6

vendor: computer associates // model: personal firewall // scope: eq // version: 2008

Trust: 1.6

vendor: computer associates // model: internet security suite // scope: eq // version: 2008

Trust: 1.6

vendor: ca // model: host-based intrusion prevention system // scope: eq // version: r8

Trust: 0.8

vendor: ca // model: internet security suite // scope: - // version: -

Trust: 0.8

vendor: ca // model: personal firewall // scope: - // version: -

Trust: 0.8

vendor: computer // model: associates personal firewall // scope: eq // version: 2008

Trust: 0.3

vendor: computer // model: associates personal firewall // scope: eq // version: 2007

Trust: 0.3

vendor: computer // model: associates internet security suite // scope: eq // version: 20080

Trust: 0.3

vendor: computer // model: associates internet security suite // scope: eq // version: 20070

Trust: 0.3

vendor: computer // model: associates host-based intrusion prevention system r8 // scope: - // version: -

Trust: 0.3

vendor: computer // model: associates personal firewall engine // scope: ne // version: 1.2.276

Trust: 0.3

sources: BID: 30651 // JVNDB: JVNDB-2008-003251 // CNNVD: CNNVD-200808-174 // NVD: CVE-2008-3174

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-3174
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-3174
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200808-174
value: MEDIUM

Trust: 0.6

VULHUB: VHN-33299
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-3174
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-33299
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-33299 // JVNDB: JVNDB-2008-003251 // CNNVD: CNNVD-200808-174 // NVD: CVE-2008-3174

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2008-3174

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200808-174

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200808-174

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-003251

PATCH

title: Top Page // url: http://www.ca.com/us/default.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2008-003251

EXTERNAL IDS

db: NVD // id: CVE-2008-3174

Trust: 2.9

db: BID // id: 30651

Trust: 2.0

db: SECUNIA // id: 31434

Trust: 1.8

db: SECTRACK // id: 1020662

Trust: 1.7

db: SECTRACK // id: 1020661

Trust: 1.7

db: SECTRACK // id: 1020663

Trust: 1.7

db: VUPEN // id: ADV-2008-2339

Trust: 1.7

db: JVNDB // id: JVNDB-2008-003251

Trust: 0.8

db: XF // id: 44393

Trust: 0.6

db: BUGTRAQ // id: 20080812 CA HOST-BASED INTRUSION PREVENTION SYSTEM SDK KMXFW.SYS MULTIPLE VULNERABILITIES

Trust: 0.6

db: CNNVD // id: CNNVD-200808-174

Trust: 0.6

db: VULHUB // id: VHN-33299

Trust: 0.1

db: PACKETSTORM // id: 68975

Trust: 0.1

db: PACKETSTORM // id: 69034

Trust: 0.1

sources: VULHUB: VHN-33299 // BID: 30651 // JVNDB: JVNDB-2008-003251 // PACKETSTORM: 68975 // PACKETSTORM: 69034 // CNNVD: CNNVD-200808-174 // NVD: CVE-2008-3174

REFERENCES

url:http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36560

Trust: 2.1

url:http://www.securityfocus.com/bid/30651

Trust: 1.7

url:http://www.securitytracker.com/id?1020661

Trust: 1.7

url:http://www.securitytracker.com/id?1020662

Trust: 1.7

url:http://www.securitytracker.com/id?1020663

Trust: 1.7

url:http://secunia.com/advisories/31434

Trust: 1.7

url:http://www.securityfocus.com/archive/1/495397/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2008/2339

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/44393

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3174

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3174

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/44393

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/495397/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2008/2339

Trust: 0.6

url:http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559

Trust: 0.4

url:http://www.trapkit.de/advisories/tkadv2008-006.txt

Trust: 0.3

url:http://www.ca.com

Trust: 0.3

url:/archive/1/495427

Trust: 0.3

url:/archive/1/495397

Trust: 0.3

url:http://secunia.com/product/18834/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/31434/

Trust: 0.1

url:http://secunia.com/product/12660/

Trust: 0.1

url:http://secunia.com/product/16198/

Trust: 0.1

url:http://secunia.com/hardcore_disassembler_and_reverse_engineer/

Trust: 0.1

url:http://secunia.com/product/19549/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/secunia_security_specialist/

Trust: 0.1

url:http://corporate.secunia.com/about_secunia/64/

Trust: 0.1

url:http://secunia.com/product/14434/

Trust: 0.1

url:https://support.ca.com/irj/portal/anonymous/solutionresults?aparno=ro00535&actionid=4

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://www.ca.com/us/privacy/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-2926

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2008-3174

Trust: 0.1

url:http://www.trapkit.de/

Trust: 0.1

url:http://support.ca.com/

Trust: 0.1

url:http://osvdb.org/

Trust: 0.1

url:http://shop.ca.com/support.

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2926

Trust: 0.1

url:https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=177782

Trust: 0.1

url:http://www.ca.com/us/contact/

Trust: 0.1

url:http://www.ca.com/us/legal/

Trust: 0.1

url:https://support.ca.com/irj/portal/anonymous/redirarticles?reqpage=search&se

Trust: 0.1

url:http://support.ca.com.

Trust: 0.1

url:https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=182496

Trust: 0.1

sources: VULHUB: VHN-33299 // BID: 30651 // JVNDB: JVNDB-2008-003251 // PACKETSTORM: 68975 // PACKETSTORM: 69034 // CNNVD: CNNVD-200808-174 // NVD: CVE-2008-3174

CREDITS

Tobias Klein, Elazar Broad

Trust: 0.9

sources: BID: 30651 // CNNVD: CNNVD-200808-174

SOURCES

db: VULHUB // id: VHN-33299
db: BID // id: 30651
db: JVNDB // id: JVNDB-2008-003251
db: PACKETSTORM // id: 68975
db: PACKETSTORM // id: 69034
db: CNNVD // id: CNNVD-200808-174
db: NVD // id: CVE-2008-3174

LAST UPDATE DATE

2025-04-10T23:05:19.791000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-33299 // date: 2018-10-11T00:00:00
db: BID // id: 30651 // date: 2008-08-25T22:25:00
db: JVNDB // id: JVNDB-2008-003251 // date: 2012-06-26T00:00:00
db: CNNVD // id: CNNVD-200808-174 // date: 2008-09-11T00:00:00
db: NVD // id: CVE-2008-3174 // date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: VULHUB // id: VHN-33299 // date: 2008-08-12T00:00:00
db: BID // id: 30651 // date: 2008-08-11T00:00:00
db: JVNDB // id: JVNDB-2008-003251 // date: 2012-06-26T00:00:00
db: PACKETSTORM // id: 68975 // date: 2008-08-13T01:46:19
db: PACKETSTORM // id: 69034 // date: 2008-08-13T05:41:53
db: CNNVD // id: CNNVD-200808-174 // date: 2008-08-12T00:00:00
db: NVD // id: CVE-2008-3174 // date: 2008-08-12T23:41:00