SecuriTeam - CA Host-Based Intrusion Prevention System Denial of Service

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

Ask the Team
Mailing Lists
Advertising Info
Advisories
About SecuriTeam
Blogs

Brought to you by:

Suppliers of:

SecuriTeam in Your Inbox

New vulnerability?
New tool?
Tell us
(Our PGP key).

CanSecWest 2012

2nd Annual Cyber Security

Hack In Paris

CA's technical support is alerting customers to a security risk with CA Host-Based Intrusion Prevention System. A vulnerability exists that can allow a remote attacker to cause a denial of service. CA has issued a patch to address the vulnerability.

Credit:
The information has been provided by iViZ Security Research Team and Kevin Kotas.
The original article can be found at: https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214665

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Protect your website!
Use an External Vulnerability Scanner!
Nothing to install. First report in 1 hour!
www.beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* CA Host-Based Intrusion Prevention System version 8.1

Immune Systems:
* CA Host-Based Intrusion Prevention System version 8.1 CF 1

The vulnerability is due to the kmxIds.sys driver not correctly handling certain malformed packets. An attacker can send a malicious packet that will cause a kernel crash.

How to determine if the installation is affected
1. Using Windows Explorer, locate the file "kmxIds.sys". By default, the file is located in the "C:\Windows\system32\drivers\" directory.
2. Right click on the file and select Properties.
3. Select the Version tab.
4. If the file version is less than indicated in the below table, the installation is vulnerable.

File Name kmxIds.sys
Version 7.3.1.18
Size(bytes) 163,840
Date June 03, 2009, 12:32:22 PM

Patch Availability:
CA has issued the following patch to address the vulnerability.
CA Host-Based Intrusion Prevention System 8.1: Install Cumulative Fix 1 RO10298.

CVE Information:
CVE-2009-2740

--------------------------------------------------------------------------------------------------------------------------------
Find out more about SQL injection and eliminate it.

blog comments powered by Disqus

	HP Data Protector LogBackupLocationStatus SQL Injection Vulnerabilty
	InduSoft WebStudio Unauthenticated Operations Code Execution Vulnerabilityy
	InduSoft WebStudio CEServer Operation 0x15 Code Execution Vulnerability
	HP Data Protector Notebook Extension RequestCopy SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogClientInstallation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension GetPolicies SQL Injection Vulnerabilty
	GE Proficy Historian ihDataArchiver.exe Trusted Header Size Code Execution Vulnerability
	HP Data Protector Notebook Extension LogClientHealth SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension LogCopyOperation SQL Injection Vulnerabilty
	HP Data Protector Notebook Extension FinishedCopy SQL Injection Vulnerabilty
	Novell ZENWorks Software Packaging ISGrid.Grid2.1 Text Parameter Code Execution Vulnerabilit
	Adobe Reader BMP Image RLE Decoding Code Execution Vulnerability
	Apple QuickTime H264 Matrix Conversion Code Execution Vulnerability
	Apple QuickTime FLC Delta Decompression Code Execution Vulnerability
	Apple Quicktime PnPixPat PatType 3 Parsing Code Execution Vulnerability