|
|
|
|
| |
Credit:
The information has been provided by iViZ Security Research Team and Kevin Kotas.
The original article can be found at: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214665
|
| |
Vulnerable Systems:
* CA Host-Based Intrusion Prevention System version 8.1
Immune Systems:
* CA Host-Based Intrusion Prevention System version 8.1 CF 1
The vulnerability is due to the kmxIds.sys driver not correctly handling certain malformed packets. An attacker can send a malicious packet that will cause a kernel crash.
How to determine if the installation is affected
1. Using Windows Explorer, locate the file "kmxIds.sys". By default, the file is located in the "C:\Windows\system32\drivers\" directory.
2. Right click on the file and select Properties.
3. Select the Version tab.
4. If the file version is less than indicated in the below table, the installation is vulnerable.
File Name kmxIds.sys
Version 7.3.1.18
Size(bytes) 163,840
Date June 03, 2009, 12:32:22 PM
Patch Availability:
CA has issued the following patch to address the vulnerability.
CA Host-Based Intrusion Prevention System 8.1: Install Cumulative Fix 1 RO10298.
CVE Information:
CVE-2009-2740
--------------------------------------------------------------------------------------------------------------------------------
Find out more about SQL injection and eliminate it.
|
|
|
|
|
