CERTA-2007-AVI-058

Vulnerability from certfr_avis - Published: 2007-01-26 - Updated: 2007-01-26

De multiples vulnérabilités sur CA Personal Firewall 2007 permettraient à un attaquant d'effectuer une élévation de privilèges.

Description

Plusieurs vulnérabilités sur CA Personal Firewall 2007 permettraient à une personne malintentionnée d'effectuer une élévation de privilèges. Les vulnérabilités sont dues à des erreurs dans les pilotes KmxStart.sys et KmxFw.sys.

Solution

Une mise à jour automatique qui corrige ces vulnérabilités est disponible depuis le 22 janvier 2007.

None
Impacted products
Vendor Product Description
Microsoft Windows Les moteurs antérieurs à 1.0.173 de CA Personal Firewall 2007 9.0 sur Microsoft Windows ;
Microsoft N/A les moteurs antérieurs à 1.0.173 de CA Personal Firewall 2007 dans CA Internet Security Suite 2007 sur Microsoft Windows.
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Les moteurs ant\u00e9rieurs \u00e0 1.0.173 de CA Personal Firewall 2007 9.0 sur Microsoft Windows ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "les moteurs ant\u00e9rieurs \u00e0 1.0.173 de CA Personal Firewall 2007 dans CA Internet Security Suite 2007 sur Microsoft Windows.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s sur CA Personal Firewall 2007 permettraient \u00e0\nune personne malintentionn\u00e9e d\u0027effectuer une \u00e9l\u00e9vation de privil\u00e8ges.\nLes vuln\u00e9rabilit\u00e9s sont dues \u00e0 des erreurs dans les pilotes KmxStart.sys\net KmxFw.sys.\n\n## Solution\n\nUne mise \u00e0 jour automatique qui corrige ces vuln\u00e9rabilit\u00e9s est\ndisponible depuis le 22 janvier 2007.\n",
  "cves": [],
  "initial_release_date": "2007-01-26T00:00:00",
  "last_revision_date": "2007-01-26T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de CA :",
      "url": "http://www3.ca.com/securityadvisor/newsinfo/collateral.aspx?cid=97729"
    }
  ],
  "reference": "CERTA-2007-AVI-058",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-01-26T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s sur \u003cspan class=\"textit\"\u003eCA Personal\nFirewall 2007\u003c/span\u003e permettraient \u00e0 un attaquant d\u0027effectuer une\n\u00e9l\u00e9vation de privil\u00e8ges.\n",
  "title": "Vuln\u00e9rabilit\u00e9s sur CA firewall",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 34818 de CA du 22 janvier 2007",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.