copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
 
Search this site

 
On this site

 > HOME
 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Training
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login

  Home » Security Bul... » By Operating... » Windows (all) » AU-2007.0005 -- AusCERT Update - [Win] - CA Personal...
 

AU-2007.0005 -- AusCERT Update - [Win] - CA Personal Firewall privilege escalation vulnerabilities now fixed
Date: 12 February 2007
References: AA-2006.0094  

Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

AusCERT Update AU-2007.0005 - [Win]
CA Personal Firewall privilege escalation vulnerabilities now fixed
12 February 2007

        AusCERT Update Summary
        ----------------------

Product:              CA Personal Firewall 2007 v9.0
                      CA Internet Security Suite 2007 v3.0
Publisher:            CA
Operating System:     Windows
Impact:               Administrator Compromise
Access:               Existing Account
CVE Names:            CVE-2006-6952

Ref:                  AA-2006.0094

Original Bulletin:    
  http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97729

Comment: 
  This CA advisory addresses the vulnerability reported in December
  in AusCERT Advisory AA-2006.0094.

- --------------------------BEGIN INCLUDED TEXT--------------------

Title: [CAID 34818]: CA Personal Firewall Multiple Privilege 
Escalation Vulnerabilities

CA Vuln ID (CAID): 34818

CA Advisory Date: 2007-01-22

Discovered By: Reverse Mode

Impact: Local attacker can gain escalated privileges.

Summary: Multiple vulnerabilities have been discovered in CA 
Personal Firewall drivers. The vulnerabilities are due to errors 
in the HIPS Core (KmxStart.sys) and HIPS Firewall (KmxFw.sys) 
drivers. Local attackers can exploit these vulnerabilities to gain 
escalated privileges.

Mitigating Factors: Local user account required for exploitation.

Severity: CA has given these vulnerability issues a Medium risk 
rating.

Affected Products:
CA Personal Firewall 2007 (v9.0) Engine version 1.0.173 and below
CA Internet Security Suite 2007 (v3.0) with CA Personal Firewall 
   2007 (v9.0) Engine version 1.0.173 and below 

Affected platforms:
Microsoft Windows

Status and Recommendation: 
CA has addressed this issue by providing a new automatic update on 
January 22, 2007. Customers running one of the affected products 
simply need to ensure that they have allowed this automatic update 
to take place.

Determining if you are affected:
To ensure that the update has taken place, customers can view the 
Help > About screen in their CA Personal Firewall product and 
confirm that their engine version number is 1.0.176 or higher.

References (URLs may wrap): 
CA SupportConnect:
http://supportconnect.ca.com/
CA Consumer Support Knowledge Document for this vulnerability:
Medium Risk CA Personal Firewall Vulnerability - Multiple 
Privilege Escalation Vulnerabilities
http://crm.my-etrust.com/login.asp?username=guest&target=DOCUMENT&openparameter=2680
Solution Document Reference APARs: 
N/A
CA Security Advisor posting:
CA Personal Firewall Multiple Privilege Escalation Vulnerabilities
http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97729
CAID: 34818
CAID Advisory link:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34818
Discoverer: Reverse Mode
http://www.reversemode.com/index.php?option=com_content&task=view&id=27&Itemid=2
CVE Reference: CVE-2006-6952
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6952
OSVDB References: OSVDB ID: 30497, 30498
http://osvdb.org/30497
http://osvdb.org/30498
Other References:
[Reversemode advisory] Computer Associates HIPS Drivers - multiple 
local privilege escalation vulnerabilities.
http://marc.theaimsgroup.com/?l=bugtraq&m=116379521731676&w=2

Changelog for this advisory:
v1.0 - Initial Release

Customers who require additional information should contact CA 
Technical Support at http://supportconnect.ca.com.

For technical questions or comments related to this advisory,
please send email to vuln@ca.com.

If you discover a vulnerability in CA products, please report
your findings to vuln@ca.com, or utilize our "Submit a 
Vulnerability" form.
URL: http://www3.ca.com/securityadvisor/vulninfo/submit.aspx


Regards,
Ken Williams ; 0xE2941985
Director, CA Vulnerability Research

CA, One CA Plaza, Islandia, NY 11749
	
Contact http://www3.ca.com/contact/
Legal Notice http://www3.ca.com/legal/
Privacy Policy http://www3.ca.com/privacy/
Copyright (c) 2007 CA. All rights reserved.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRc/ceSh9+71yA2DNAQIKrwP/fiRyMzTxtvREO6NZGaf/ict1PtnzfFKj
4QUO/OlTTRCllJbXcM0HW8aepLYUo2ViUloIz18zv5Gc1sv6uIitwgQ292DHh78D
nfR7VIomjhqyrZ7orA+SK1VgljgG0gl6k7ZHS7TYRZbcWo4ekQRBcLEu83kUlg3n
vd8e1DWxkgw=
=MbBj
-----END PGP SIGNATURE-----




Comments? Click here http://www.auscert.org.au/render.html?cid=21&it=7269