CA20090818-01: Security Notice for CA Host-Based Intrusion Prevention
System
Issued: August 18, 2009
CA's technical support is alerting customers to a security risk with
CA Host-Based Intrusion Prevention System. A vulnerability exists
that can allow a remote attacker to cause a denial of service. CA
has issued a patch to address the vulnerability.
The vulnerability, CVE-2009-2740, is due to the kmxIds.sys driver not
correctly handling certain malformed packets. An attacker can send a
malicious packet that will cause a kernel crash.
Risk Rating
High
Platform
Windows
Affected Products
CA Host-Based Intrusion Prevention System 8.1
Non-Affected Products
CA Host-Based Intrusion Prevention System 8.1 CF 1
How to determine if the installation is affected
File Name
Version
Size(bytes)
Date
kmxIds.sys
7.3.1.18
163,840
June 03, 2009, 12:32:22 PM
Solution
CA has issued the following patch to address the vulnerability.
CA Host-Based Intrusion Prevention System 8.1:
Install Cumulative Fix 1 RO10298.
References
CVE-2009-2740 - HIPS kmxIds.sys remote crash
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2740
CA20090818-01: Security Notice for CA Host-Based Intrusion Prevention
System
(line may wrap)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=21
4665
Acknowledgement
CVE-2009-2740 - iViZ Security Research Team
Change History
Version 1.0: Initial Release
If additional information is required, please contact CA Support at
http://support.ca.com/
If you discover a vulnerability in CA products, please report your
findings to the CA Product Vulnerability Response Team.
(line may wrap)
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17
7782
Kevin Kotas
CA Product Vulnerability Response Team