CA Host-Based Intrusion Prevention System Client kmxIds.sys DoS (CA20090818)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

A driver installed on the remote Windows host is affected by a denial
of service vulnerability.

Description :

The remote Windows host contains a version of the 'kmxIds.sys' driver,
a component of CA Host-Based Intrusion Prevention System Client, that
does not correctly handle certain malformed network packets. A remote
attacker can exploit this issue to cause a kernel crash.

See also :

http://www.nessus.org/u?6c95182f
http://seclists.org/bugtraq/2009/Aug/150

Solution :

Upgrade as necessary to CA Host-Based Intrusion Prevention System 8.1,
install Cumulative Fix 1 RO10298 or later on the CA HIPS server, and
ensure that an updated client installation image is installed on each
client.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.4
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 40621 (ca_hips_kmxids_sys_ro10298.nasl)

Bugtraq ID: 36078

CVE ID: CVE-2009-2740

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now