[Full-disclosure] [TKADV2008-006] CA HIPS KmxFw.sys Kernel Memory Corruption
- From: Tobias Klein <tk@xxxxxxxxxx>
- Date: Tue, 12 Aug 2008 21:44:41 +0200
The kernel driver KmxFw.sys shipped with various CA products contains a
vulnerability in the code that handles IOCTL requests. Exploitation of
this vulnerability can result in:
1) local denial of service attacks (system crash due to a kernel panic),
or
2) local execution of arbitrary code at the kernel level (complete
system compromise)
A full technical description can be found in the advisory available at:
http://www.trapkit.de/advisories/TKADV2008-006.txt
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Prev by Date: [Full-disclosure] rPSA-2008-0253-1 git gitweb
- Next by Date: Re: [Full-disclosure] Internet attacks against Georgian web sites
- Previous by thread: [Full-disclosure] rPSA-2008-0253-1 git gitweb
- Next by thread: [Full-disclosure] Step-by-step instructions for debugging Cisco IOS using gdb
- Index(es):
Relevant Pages
|
