CVE-2006-6952
published 2007-01-24CVE-2006-6952: Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to…
PriorityP428high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
1.02%
59.1th percentile
Computer Associates Host Intrusion Prevention System (HIPS) drivers (1) Core kmxstart.sys 6.5.4.31 and (2) Firewall kmxfw.sys 6.5.4.10 allow local users to gain privileges by using certain privileged IOCTLs to modify callback function pointers.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ca | host-based_intrusion_prevention_system | — | — |
| ca | host-based_intrusion_prevention_system | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxstart.sys' Local Privilege Escalation
exploitdb·2006-11-16
CVE-2006-6952 Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxstart.sys' Local Privilege Escalation
Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxstart.sys' Local Privilege Escalation
---
// source: https://www.securityfocus.com/bid/21140/info
Multiple Computer Associates security-related products are prone to multiple local privilege-escalation vulnerabilities.
An attacker can leverage these issues to execute arbitrary code with SYSTEM-level privileges. This could result in the complete compromise of vulnerable computers.
These isses affect CA Personal Firewall 2007 (v9.0) Engine version 1.0.173 and prior and CA Internet Security Suite 2007 version 3.0 with CA Personal Firewall 2007 version 9.0 Engine version 1.0.173 and prior.
////////////////////////////////////
///// CA HIPS Engine Drivers
////////////////////////////////////
////
//// Kernel Privilege Escalation
Exploit-DB
Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxfw.sys' Local Privilege Escalation
exploitdb·2006-11-16
CVE-2006-6952 Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxfw.sys' Local Privilege Escalation
Computer Associates Personal Firewall 9.0 - HIPS Driver 'kmxfw.sys' Local Privilege Escalation
---
// source: https://www.securityfocus.com/bid/21140/info
Multiple Computer Associates security-related products are prone to multiple local privilege-escalation vulnerabilities.
An attacker can leverage these issues to execute arbitrary code with SYSTEM-level privileges. This could result in the complete compromise of vulnerable computers.
These isses affect CA Personal Firewall 2007 (v9.0) Engine version 1.0.173 and prior and CA Internet Security Suite 2007 version 3.0 with CA Personal Firewall 2007 version 9.0 Engine version 1.0.173 and prior.
////////////////////////////////////
///// CA HIPS Engine Drivers
////////////////////////////////////
//// Kmxfw.sys
//// Kernel Privilege Esca
No writeups or analysis indexed.
http://secunia.com/advisories/22972http://www.osvdb.org/30497http://www.osvdb.org/30498http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=38http://www.securityfocus.com/archive/1/451952/100/0/threadedhttp://www.securityfocus.com/archive/1/452286/100/0/threadedhttp://www.securityfocus.com/archive/1/458040/100/200/threadedhttp://www.securityfocus.com/bid/21140http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97729http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34818http://secunia.com/advisories/22972http://www.osvdb.org/30497http://www.osvdb.org/30498http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=38http://www.securityfocus.com/archive/1/451952/100/0/threadedhttp://www.securityfocus.com/archive/1/452286/100/0/threadedhttp://www.securityfocus.com/archive/1/458040/100/200/threadedhttp://www.securityfocus.com/bid/21140http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97729http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34818
2007-01-24
Published