PT-2008-4365 · Ca · Ca Host-Based Intrusion Prevention System

Publicado

2008-08-12

Atualizado

2021-04-09

CVE-2008-2926

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions CA Host-Based Intrusion Prevention System (HIPS) r8

Description The issue is related to the kmxfw.sys driver, which does not properly verify IOCTL requests. This can be exploited by local users to cause a denial of service, resulting in a system crash, or possibly gain privileges via a crafted request.

Recommendations For CA Host-Based Intrusion Prevention System (HIPS) r8, consider restricting access to the kmxfw.sys driver until a patch is available to prevent potential exploitation.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2008-2926

Produtos afetados

Ca Host-Based Intrusion Prevention System

PT-2008-4365 · Ca · Ca Host-Based Intrusion Prevention System

CVE-2008-2926

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10