var-200808-0291
Vulnerability from variot
Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to "insufficient validation.". (DoS) There is a vulnerability that becomes a condition.Service disruption by a third party (DoS) There is a possibility of being put into a state. Computer Associates products are prone to two vulnerabilities. Attackers may exploit the first vulnerability locally to execute arbitrary code with SYSTEM-level privileges or cause a system crash. Attackers may exploit the second vulnerability remotely to cause denial-of-service conditions. Successful attacks will completely compromise the computer or cause denial-of-service conditions. There is an unknown vulnerability in the kmxfw.sys driver in CA HIPS r8.
2) An unspecified error in the kmxfw.sys driver can be exploited to cause a DoS.
PROVIDED AND/OR DISCOVERED BY: The vendor credits: 1) Tobias Klein 2) Elazar Broad
ORIGINAL ADVISORY: CA: http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559 http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36560
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. CA has issued updates to address the vulnerabilities. The first vulnerability, CVE-2008-2926, occurs due to insufficient verification of IOCTL requests by the kmxfw.sys driver. The second vulnerability, CVE-2008-3174, occurs due to insufficient validation by the kmxfw.sys driver. An attacker can make a request that can cause a system crash.
Mitigating Factors: None
Severity: CA has given these vulnerabilities a Medium risk rating. CA Personal Firewall Engine 1.2.276 and later are not affected. To ensure that the latest automatic update is installed on your computer, customers can view the Help>About screen in their CA Personal Firewall product and confirm that the engine version number is 1.2.276 or higher. For support information, visit http://shop.ca.com/support.
How to determine if you are affected: 1. Using Windows Explorer, locate the file "kmxfw.sys". By default, the file is located in the "C:\Windows\system32\drivers\" directory. 2. Right click on the file and select Properties. 3. Select the General tab. 4. If the file version is less than indicated in the below table, the installation is vulnerable.
File Name Version Size (bytes) Date kmxfw.sys 6.5.5.18 115,216 March 14, 2008
Workaround: None
References (URLs may wrap): CA Support: http://support.ca.com/ Security Notice for CA Host-Based Intrusion Prevention System SDK https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=182496 Solution Document Reference APARs: RO00535 CA Security Response Blog posting: CA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple Vulnerabilities community.ca.com/blogs/casecurityresponseblog/archive/2008/08/12.aspx Reported By: Tobias Klein (CVE-2008-2926) http://www.trapkit.de/ Elazar Broad (CVE-2008-3174) CVE References: CVE-2008-2926 - CA HIPS kmxfw.sys IOCTL http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2926 CVE-2008-3174 - CA HIPS kmxfw.sys denial of service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3174 OSVDB References: Pending http://osvdb.org/
Changelog for this advisory: v1.0 - Initial Release
Customers who require additional information should contact CA Technical Support at http://support.ca.com.
For technical questions or comments related to this advisory, please send email to vuln AT ca DOT com.
If you discover a vulnerability in CA products, please report your findings to our product security response team. https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782
Regards, Ken Williams ; 0xE2941985 Director, CA Vulnerability Research
CA, 1 CA Plaza, Islandia, NY 11749
Contact http://www.ca.com/us/contact/ Legal Notice http://www.ca.com/us/legal/ Privacy Policy http://www.ca.com/us/privacy/ Copyright (c) 2008 CA. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.5.3 (Build 5003)
wj4DBQFIoduueSWR3+KUGYURAmmKAJ9FWl5gIZrbrGhg5CZ0NKzw0QE8qQCY+Qys ekQdlRjiIYnyp9WEqqGAxQ== =ltU4 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200808-0291",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "host based intrusion prevention system",
"scope": "eq",
"trust": 1.6,
"vendor": "computer associates",
"version": "r8"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 1.6,
"vendor": "computer associates",
"version": "2007"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "computer associates",
"version": "2007"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.6,
"vendor": "computer associates",
"version": "2008"
},
{
"model": "internet security suite",
"scope": "eq",
"trust": 1.6,
"vendor": "computer associates",
"version": "2008"
},
{
"model": "host-based intrusion prevention system",
"scope": "eq",
"trust": 0.8,
"vendor": "ca",
"version": "r8"
},
{
"model": "internet security suite",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "personal firewall",
"scope": null,
"trust": 0.8,
"vendor": "ca",
"version": null
},
{
"model": "associates personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2008"
},
{
"model": "associates personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "2007"
},
{
"model": "associates internet security suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20080"
},
{
"model": "associates internet security suite",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "20070"
},
{
"model": "associates host-based intrusion prevention system r8",
"scope": null,
"trust": 0.3,
"vendor": "computer",
"version": null
},
{
"model": "associates personal firewall engine",
"scope": "ne",
"trust": 0.3,
"vendor": "computer",
"version": "1.2.276"
}
],
"sources": [
{
"db": "BID",
"id": "30651"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003251"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-174"
},
{
"db": "NVD",
"id": "CVE-2008-3174"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ca:host-based_intrusion_prevention_system",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:internet_security_suite",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:ca:personal_firewall",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003251"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tobias Klein, Elazar Broad",
"sources": [
{
"db": "BID",
"id": "30651"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-174"
}
],
"trust": 0.9
},
"cve": "CVE-2008-3174",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2008-3174",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-33299",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2008-3174",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2008-3174",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200808-174",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-33299",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33299"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003251"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-174"
},
{
"db": "NVD",
"id": "CVE-2008-3174"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based Intrusion Prevention System (HIPS) r8, as used in CA Internet Security Suite and Personal Firewall, allows remote attackers to cause a denial of service via unknown vectors, related to \"insufficient validation.\". (DoS) There is a vulnerability that becomes a condition.Service disruption by a third party (DoS) There is a possibility of being put into a state. Computer Associates products are prone to two vulnerabilities. \nAttackers may exploit the first vulnerability locally to execute arbitrary code with SYSTEM-level privileges or cause a system crash. Attackers may exploit the second vulnerability remotely to cause denial-of-service conditions. \nSuccessful attacks will completely compromise the computer or cause denial-of-service conditions. There is an unknown vulnerability in the kmxfw.sys driver in CA HIPS r8. \n\n2) An unspecified error in the kmxfw.sys driver can be exploited to\ncause a DoS. \n\nPROVIDED AND/OR DISCOVERED BY:\nThe vendor credits:\n1) Tobias Klein\n2) Elazar Broad\n\nORIGINAL ADVISORY:\nCA:\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559\nhttp://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36560\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. CA has issued \nupdates to address the vulnerabilities. The first vulnerability, \nCVE-2008-2926, occurs due to insufficient verification of IOCTL \nrequests by the kmxfw.sys driver. The second vulnerability, \nCVE-2008-3174, occurs due to insufficient validation by the \nkmxfw.sys driver. An attacker can make a request that can cause a \nsystem crash. \n\n\nMitigating Factors: None\n\n\nSeverity: CA has given these vulnerabilities a Medium risk rating. CA Personal Firewall Engine 1.2.276 and later are not \naffected. To ensure that the latest automatic update is installed \non your computer, customers can view the Help\u003eAbout screen in \ntheir CA Personal Firewall product and confirm that the engine \nversion number is 1.2.276 or higher. For support information, \nvisit http://shop.ca.com/support. \n\n\nHow to determine if you are affected:\n1. Using Windows Explorer, locate the file \"kmxfw.sys\". By default, \n the file is located in the \"C:\\Windows\\system32\\drivers\\\" directory. \n2. Right click on the file and select Properties. \n3. Select the General tab. \n4. If the file version is less than indicated in the below table, \n the installation is vulnerable. \n\nFile Name Version Size (bytes) Date\nkmxfw.sys 6.5.5.18 115,216 March 14, 2008\n\n\nWorkaround: None\n\n\nReferences (URLs may wrap):\nCA Support:\nhttp://support.ca.com/\nSecurity Notice for\nCA Host-Based Intrusion Prevention System SDK\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=182496\nSolution Document Reference APARs:\nRO00535\nCA Security Response Blog posting:\nCA Host-Based Intrusion Prevention System SDK kmxfw.sys Multiple \n Vulnerabilities\ncommunity.ca.com/blogs/casecurityresponseblog/archive/2008/08/12.aspx\nReported By: \nTobias Klein (CVE-2008-2926)\nhttp://www.trapkit.de/\nElazar Broad (CVE-2008-3174)\nCVE References:\nCVE-2008-2926 - CA HIPS kmxfw.sys IOCTL\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2926\nCVE-2008-3174 - CA HIPS kmxfw.sys denial of service\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3174\nOSVDB References: Pending\nhttp://osvdb.org/\n\n\nChangelog for this advisory:\nv1.0 - Initial Release\n\n\nCustomers who require additional information should contact CA\nTechnical Support at http://support.ca.com. \n\nFor technical questions or comments related to this advisory, \nplease send email to vuln AT ca DOT com. \n\nIf you discover a vulnerability in CA products, please report your \nfindings to our product security response team. \nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=177782\n\n\nRegards,\nKen Williams ; 0xE2941985\nDirector, CA Vulnerability Research\n\n\nCA, 1 CA Plaza, Islandia, NY 11749\n\t\nContact http://www.ca.com/us/contact/\nLegal Notice http://www.ca.com/us/legal/\nPrivacy Policy http://www.ca.com/us/privacy/\nCopyright (c) 2008 CA. All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP Desktop 9.5.3 (Build 5003)\n\nwj4DBQFIoduueSWR3+KUGYURAmmKAJ9FWl5gIZrbrGhg5CZ0NKzw0QE8qQCY+Qys\nekQdlRjiIYnyp9WEqqGAxQ==\n=ltU4\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3174"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003251"
},
{
"db": "BID",
"id": "30651"
},
{
"db": "VULHUB",
"id": "VHN-33299"
},
{
"db": "PACKETSTORM",
"id": "68975"
},
{
"db": "PACKETSTORM",
"id": "69034"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-3174",
"trust": 2.9
},
{
"db": "BID",
"id": "30651",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "31434",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1020662",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1020661",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1020663",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2008-2339",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003251",
"trust": 0.8
},
{
"db": "XF",
"id": "44393",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080812 CA HOST-BASED INTRUSION PREVENTION SYSTEM SDK KMXFW.SYS MULTIPLE VULNERABILITIES",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200808-174",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-33299",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "68975",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "69034",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33299"
},
{
"db": "BID",
"id": "30651"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003251"
},
{
"db": "PACKETSTORM",
"id": "68975"
},
{
"db": "PACKETSTORM",
"id": "69034"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-174"
},
{
"db": "NVD",
"id": "CVE-2008-3174"
}
]
},
"id": "VAR-200808-0291",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-33299"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:03:32.672000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ca.com/us/default.aspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003251"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-3174"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36560"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/30651"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1020661"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1020662"
},
{
"trust": 1.7,
"url": "http://www.securitytracker.com/id?1020663"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/31434"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/495397/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2008/2339"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44393"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-3174"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-3174"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/44393"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/495397/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2008/2339"
},
{
"trust": 0.4,
"url": "http://www.ca.com/us/securityadvisor/vulninfo/vuln.aspx?id=36559"
},
{
"trust": 0.3,
"url": "http://www.trapkit.de/advisories/tkadv2008-006.txt"
},
{
"trust": 0.3,
"url": "http://www.ca.com"
},
{
"trust": 0.3,
"url": "/archive/1/495427"
},
{
"trust": 0.3,
"url": "/archive/1/495397"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/18834/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/31434/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/12660/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/16198/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/19549/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_specialist/"
},
{
"trust": 0.1,
"url": "http://corporate.secunia.com/about_secunia/64/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/14434/"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/solutionresults?aparno=ro00535\u0026actionid=4"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/privacy/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-2926"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-3174"
},
{
"trust": 0.1,
"url": "http://www.trapkit.de/"
},
{
"trust": 0.1,
"url": "http://support.ca.com/"
},
{
"trust": 0.1,
"url": "http://osvdb.org/"
},
{
"trust": 0.1,
"url": "http://shop.ca.com/support."
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2926"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=177782"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/contact/"
},
{
"trust": 0.1,
"url": "http://www.ca.com/us/legal/"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/redirarticles?reqpage=search\u0026se"
},
{
"trust": 0.1,
"url": "http://support.ca.com."
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=182496"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-33299"
},
{
"db": "BID",
"id": "30651"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003251"
},
{
"db": "PACKETSTORM",
"id": "68975"
},
{
"db": "PACKETSTORM",
"id": "69034"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-174"
},
{
"db": "NVD",
"id": "CVE-2008-3174"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-33299"
},
{
"db": "BID",
"id": "30651"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-003251"
},
{
"db": "PACKETSTORM",
"id": "68975"
},
{
"db": "PACKETSTORM",
"id": "69034"
},
{
"db": "CNNVD",
"id": "CNNVD-200808-174"
},
{
"db": "NVD",
"id": "CVE-2008-3174"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-33299"
},
{
"date": "2008-08-11T00:00:00",
"db": "BID",
"id": "30651"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003251"
},
{
"date": "2008-08-13T01:46:19",
"db": "PACKETSTORM",
"id": "68975"
},
{
"date": "2008-08-13T05:41:53",
"db": "PACKETSTORM",
"id": "69034"
},
{
"date": "2008-08-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-174"
},
{
"date": "2008-08-12T23:41:00",
"db": "NVD",
"id": "CVE-2008-3174"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-33299"
},
{
"date": "2008-08-25T22:25:00",
"db": "BID",
"id": "30651"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-003251"
},
{
"date": "2008-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200808-174"
},
{
"date": "2024-11-21T00:48:37.580000",
"db": "NVD",
"id": "CVE-2008-3174"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-174"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CA Internet Security Suite Used for etc. CA HIPS of kmxfw.sys Service disruption in drivers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-003251"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200808-174"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…