Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Host-based_intrusion_prevention_system | Ca | core_6.5.4.31 (including) | core_6.5.4.31 (including) |
| Host-based_intrusion_prevention_system | Ca | firewall_6.5.4.10 (including) | firewall_6.5.4.10 (including) |
References
- http://secunia.com/advisories/22972
- http://www.osvdb.org/30497
- http://www.osvdb.org/30498
- http://www.reversemode.com/index.php?option=com_remository\u0026Itemid=2\u0026func=fileinfo\u0026id=38
- http://www.securityfocus.com/archive/1/451952/100/0/threaded
- http://www.securityfocus.com/archive/1/452286/100/0/threaded
- http://www.securityfocus.com/archive/1/458040/100/200/threaded
- http://www.securityfocus.com/bid/21140
- http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97729
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34818
- http://secunia.com/advisories/22972
- http://www.osvdb.org/30497
- http://www.osvdb.org/30498
- http://www.reversemode.com/index.php?option=com_remository\u0026Itemid=2\u0026func=fileinfo\u0026id=38
- http://www.securityfocus.com/archive/1/451952/100/0/threaded
- http://www.securityfocus.com/archive/1/452286/100/0/threaded
- http://www.securityfocus.com/archive/1/458040/100/200/threaded
- http://www.securityfocus.com/bid/21140
- http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97729
- http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34818