VAR-200908-0478
Vulnerability from variot - Updated: 2023-12-18 13:04kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System (HIPS) 8.1 allows remote attackers to cause a denial of service (system crash) via a malformed packet. Computer Associates Host-Based Intrusion Prevention System is affected by a denial-of-service vulnerability because the application mishandles malformed user-supplied input. A remote attacker may exploit this issue to cause denial-of-service conditions. Host-Based Intrusion Prevention System 8.1 is affected by this issue; other versions may also be vulnerable. CA HIPS integrates functions such as firewall, intrusion detection, intrusion protection, operating system security and application control to provide centralized active security protection. -----BEGIN PGP SIGNED MESSAGE-----
CA20090818-01: Security Notice for CA Host-Based Intrusion Prevention System
Issued: August 18, 2009
CA's technical support is alerting customers to a security risk with CA Host-Based Intrusion Prevention System. CA has issued a patch to address the vulnerability.
The vulnerability, CVE-2009-2740, is due to the kmxIds.sys driver not correctly handling certain malformed packets. An attacker can send a malicious packet that will cause a kernel crash. Using Windows Explorer, locate the file "kmxIds.sys". By default, the file is located in the "C:\Windows\system32\drivers\" directory. 2. Right click on the file and select Properties. 3. Select the Version tab. 4. If the file version is less than indicated in the below table, the installation is vulnerable.
File Name Version Size(bytes) Date
kmxIds.sys 7.3.1.18 163,840 June 03, 2009, 12:32:22 PM
Solution
CA has issued the following patch to address the vulnerability.
References
CVE-2009-2740 - HIPS kmxIds.sys remote crash http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2740
CA20090818-01: Security Notice for CA Host-Based Intrusion Prevention System (line may wrap) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=21 4665
Acknowledgement
CVE-2009-2740 - iViZ Security Research Team
Change History
Version 1.0: Initial Release
If additional information is required, please contact CA Support at http://support.ca.com/
If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team. (line may wrap) https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17 7782
Kevin Kotas CA Product Vulnerability Response Team
-----BEGIN PGP SIGNATURE----- Version: PGP 8.1
iQEVAwUBSosQJJI1FvIeMomJAQFFEAf+IcKJCxu2tj2cO24u8Hp3nQIeCyAAJITU Fdsmn/RRDNKPXm6fCPVbeK7rnvCGRuSmEOXPT+H+Y8S5ruppUqf4kuehkvhaW3N+ m5xjiC4BnACtPO6HE2q4JelgAdb0mKWIWnbn6ydWXKvBKViUQU4cAirCxRw7zj7P lrfm+V6hun7s6FTF7IccdGTJDhxXOCo9Q++FGLaOvaXJiXSS+HvzTM7MzbAEa5yy TosaTPGrnYO8FzQz+P/HFlCYsD6IKjCfMy1C63Qp7xCFWZ6ltJSKEIUYLu/DJlWu z2JUzNXn4lqNXoDLOAuBHawMiJesPXshjFqFG0kdeRxvP4JMUhENOQ== =AsHd -----END PGP SIGNATURE----- . ---------------------------------------------------------------------------------------------------
[ iViZ Security Advisory 09-005 19/08/2009 ]
iViZ Techno Solutions Pvt. http://www.ivizsecurity.com
- Title: CA HIPS kmxids.sys Remote Kernel Vulnerability
- Software: CA HIPS r8.1
--[ Synopsis:
CA HIPS is a Host Based Intrusion Prevention System in which managed agents are deployed on individual hosts to be protected by the HIPS and controlled by the centralized console.
--[ Affected Software:
- CA HIPS r8.1 (possibly older versions too)
Tested on:
- Agent Product Version: 1.5.290
- Agent Engine Version: 1.5.286
--[ Technical description:
When CA HIPS agent processes certain malformed IP packets, it fails to handle certain boundary condition during parsing and pattern matching of the packet. It is possible to force the kernel driver (kmxids.sys) responsible for analyzing each in/out packet to reference invalid/unmapped memory.
The following information is obtained during crash analysis:
CURRENT_IRQL: 2
FAULTING_IP: kmxids+a2f4 f6b8c2f4 8a26 mov ah,byte ptr [esi]
DEFAULT_BUCKET_ID: DRIVER_FAULT
BUGCHECK_STR: 0xD1
TRAP_FRAME: f88ca4f4 -- (.trap 0xfffffffff88ca4f4) ErrCode = 00000000 eax=f88ca754 ebx=81f7415a ecx=00000003 edx=428c200c esi=6e96d603 edi=f6b83264 eip=f6b8c2f4 esp=f88ca568 ebp=f88ca574 iopl=0 nv up ei pl nz na pe nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206 kmxids+0xa2f4: f6b8c2f4 8a26 mov ah,byte ptr [esi] ds:0023:6e96d603=?? Resetting default scope
LAST_CONTROL_TRANSFER: from 804f7b9d to 80527bdc
STACK_TEXT: f88ca0a8 804f7b9d 00000003 f88ca404 00000000 nt!RtlpBreakWithStatusInstruction f88ca0f4 804f878a 00000003 6e96d603 f6b8c2f4 nt!KiBugCheckDebugBreak+0x19 f88ca4d4 80540683 0000000a 6e96d603 00000002 nt!KeBugCheck2+0x574 f88ca4d4 f6b8c2f4 0000000a 6e96d603 00000002 nt!KiTrap0E+0x233 WARNING: Stack unwind information not available. Following frames may be wrong. f88ca574 f6b832e1 6e96d603 f6b83264 00000003 kmxids+0xa2f4 00000000 00000000 00000000 00000000 00000000 kmxids+0x12e1
The issue can be used to create a Denial of Service condition on each of the host protected by affected versions of CA HIPS agent, however due to the nature of the vulnerability remote code execution is unlikely
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200908-0478",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "host-based intrusion prevention system",
"scope": "eq",
"trust": 2.4,
"vendor": "ca",
"version": "8.1"
},
{
"model": "associates host-based intrusion prevention system",
"scope": "eq",
"trust": 0.3,
"vendor": "computer",
"version": "8.1"
},
{
"model": "associates host-based intrusion prevention system cf",
"scope": "ne",
"trust": 0.3,
"vendor": "computer",
"version": "8.11"
}
],
"sources": [
{
"db": "BID",
"id": "36078"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002627"
},
{
"db": "NVD",
"id": "CVE-2009-2740"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-275"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ca:host-based_intrusion_prevention_system:8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2740"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kevin Kotas",
"sources": [
{
"db": "PACKETSTORM",
"id": "80488"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-275"
}
],
"trust": 0.7
},
"cve": "CVE-2009-2740",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2009-2740",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-40186",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2009-2740",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200908-275",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-40186",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40186"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002627"
},
{
"db": "NVD",
"id": "CVE-2009-2740"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-275"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention System (HIPS) 8.1 allows remote attackers to cause a denial of service (system crash) via a malformed packet. Computer Associates Host-Based Intrusion Prevention System is affected by a denial-of-service vulnerability because the application mishandles malformed user-supplied input. \nA remote attacker may exploit this issue to cause denial-of-service conditions. \nHost-Based Intrusion Prevention System 8.1 is affected by this issue; other versions may also be vulnerable. CA HIPS integrates functions such as firewall, intrusion detection, intrusion protection, operating system security and application control to provide centralized active security protection. -----BEGIN PGP SIGNED MESSAGE-----\n\nCA20090818-01: Security Notice for CA Host-Based Intrusion Prevention\nSystem\n\nIssued: August 18, 2009\n\nCA\u0027s technical support is alerting customers to a security risk with\nCA Host-Based Intrusion Prevention System. CA\nhas issued a patch to address the vulnerability. \n\nThe vulnerability, CVE-2009-2740, is due to the kmxIds.sys driver not\ncorrectly handling certain malformed packets. An attacker can send a\nmalicious packet that will cause a kernel crash. Using Windows Explorer, locate the file \"kmxIds.sys\". By\ndefault, the file is located in the\n\"C:\\Windows\\system32\\drivers\\\" directory. \n2. Right click on the file and select Properties. \n3. Select the Version tab. \n4. If the file version is less than indicated in the below table, the\ninstallation is vulnerable. \n\nFile Name\nVersion\nSize(bytes)\nDate\n\nkmxIds.sys\n7.3.1.18\n163,840\nJune 03, 2009, 12:32:22 PM\n\nSolution\n\nCA has issued the following patch to address the vulnerability. \n\nReferences\n\nCVE-2009-2740 - HIPS kmxIds.sys remote crash\nhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2740\n\nCA20090818-01: Security Notice for CA Host-Based Intrusion Prevention\nSystem\n(line may wrap)\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=21\n4665\n\nAcknowledgement\n\nCVE-2009-2740 - iViZ Security Research Team\n\nChange History\n\nVersion 1.0: Initial Release\n\nIf additional information is required, please contact CA Support at\nhttp://support.ca.com/\n\nIf you discover a vulnerability in CA products, please report your\nfindings to the CA Product Vulnerability Response Team. \n(line may wrap)\nhttps://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=17\n7782\n\nKevin Kotas\nCA Product Vulnerability Response Team\n\n-----BEGIN PGP SIGNATURE-----\nVersion: PGP 8.1\n\niQEVAwUBSosQJJI1FvIeMomJAQFFEAf+IcKJCxu2tj2cO24u8Hp3nQIeCyAAJITU\nFdsmn/RRDNKPXm6fCPVbeK7rnvCGRuSmEOXPT+H+Y8S5ruppUqf4kuehkvhaW3N+\nm5xjiC4BnACtPO6HE2q4JelgAdb0mKWIWnbn6ydWXKvBKViUQU4cAirCxRw7zj7P\nlrfm+V6hun7s6FTF7IccdGTJDhxXOCo9Q++FGLaOvaXJiXSS+HvzTM7MzbAEa5yy\nTosaTPGrnYO8FzQz+P/HFlCYsD6IKjCfMy1C63Qp7xCFWZ6ltJSKEIUYLu/DJlWu\nz2JUzNXn4lqNXoDLOAuBHawMiJesPXshjFqFG0kdeRxvP4JMUhENOQ==\n=AsHd\n-----END PGP SIGNATURE-----\n. ---------------------------------------------------------------------------------------------------\n\n[ iViZ Security Advisory 09-005 19/08/2009 ]\n---------------------------------------------------------------------------------------------------\n\niViZ Techno Solutions Pvt. \n http://www.ivizsecurity.com\n------------------------------------------------------------------------------------------\n\n\n * Title: CA HIPS kmxids.sys Remote Kernel Vulnerability\n * Software: CA HIPS r8.1\n\n--[ Synopsis:\n\n CA HIPS is a Host Based Intrusion Prevention System in which managed\nagents\n are deployed on individual hosts to be protected by the HIPS and\ncontrolled\n by the centralized console. \n\n--[ Affected Software:\n\n * CA HIPS r8.1 (possibly older versions too)\n\n Tested on:\n\n * Agent Product Version: 1.5.290\n * Agent Engine Version: 1.5.286\n\n--[ Technical description:\n\n When CA HIPS agent processes certain malformed IP packets, it fails\nto handle\n certain boundary condition during parsing and pattern matching of the\npacket. \n It is possible to force the kernel driver (kmxids.sys) responsible for\n analyzing each in/out packet to reference invalid/unmapped memory. \n\n The following information is obtained during crash analysis:\n\n ------\n CURRENT_IRQL: 2\n\n FAULTING_IP:\n kmxids+a2f4\n f6b8c2f4 8a26 mov ah,byte ptr [esi]\n\n DEFAULT_BUCKET_ID: DRIVER_FAULT\n\n BUGCHECK_STR: 0xD1\n\n TRAP_FRAME: f88ca4f4 -- (.trap 0xfffffffff88ca4f4)\n ErrCode = 00000000\n eax=f88ca754 ebx=81f7415a ecx=00000003 edx=428c200c esi=6e96d603\nedi=f6b83264\n eip=f6b8c2f4 esp=f88ca568 ebp=f88ca574 iopl=0 nv up ei pl nz\nna pe nc\n cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000\nefl=00010206\n kmxids+0xa2f4:\n f6b8c2f4 8a26 mov ah,byte ptr [esi]\n ds:0023:6e96d603=??\n Resetting default scope\n\n LAST_CONTROL_TRANSFER: from 804f7b9d to 80527bdc\n\n STACK_TEXT:\n f88ca0a8 804f7b9d 00000003 f88ca404 00000000\n nt!RtlpBreakWithStatusInstruction\n f88ca0f4 804f878a 00000003 6e96d603 f6b8c2f4\nnt!KiBugCheckDebugBreak+0x19\n f88ca4d4 80540683 0000000a 6e96d603 00000002 nt!KeBugCheck2+0x574\n f88ca4d4 f6b8c2f4 0000000a 6e96d603 00000002 nt!KiTrap0E+0x233\n WARNING: Stack unwind information not available. Following frames may be\n wrong. \n f88ca574 f6b832e1 6e96d603 f6b83264 00000003 kmxids+0xa2f4\n 00000000 00000000 00000000 00000000 00000000 kmxids+0x12e1\n ------\n\n The issue can be used to create a Denial of Service condition on each\nof the\n host protected by affected versions of CA HIPS agent, however due to the\n nature of the vulnerability remote code execution is unlikely",
"sources": [
{
"db": "NVD",
"id": "CVE-2009-2740"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002627"
},
{
"db": "BID",
"id": "36078"
},
{
"db": "VULHUB",
"id": "VHN-40186"
},
{
"db": "PACKETSTORM",
"id": "80488"
},
{
"db": "PACKETSTORM",
"id": "80522"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-40186",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40186"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2009-2740",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002627",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20090818 CA20090818-01: SECURITY NOTICE FOR CA HOST-BASED INTRUSION PREVENTION SYSTEM",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200908-275",
"trust": 0.6
},
{
"db": "BID",
"id": "36078",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "80488",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "80522",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-40186",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40186"
},
{
"db": "BID",
"id": "36078"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002627"
},
{
"db": "PACKETSTORM",
"id": "80488"
},
{
"db": "PACKETSTORM",
"id": "80522"
},
{
"db": "NVD",
"id": "CVE-2009-2740"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-275"
}
]
},
"id": "VAR-200908-0478",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-40186"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:04:37.322000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "214665",
"trust": 0.8,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=214665"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002627"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40186"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002627"
},
{
"db": "NVD",
"id": "CVE-2009-2740"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=214665"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/505881/100/0/threaded"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2740"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2740"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/505881/100/0/threaded"
},
{
"trust": 0.4,
"url": " http://www.ivizsecurity.com/security-advisory-iviz-sr-09005.html"
},
{
"trust": 0.3,
"url": "http://www.ca.com/us/products/product.aspx?id=5785"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2009-2740"
},
{
"trust": 0.1,
"url": "http://support.ca.com/"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=17"
},
{
"trust": 0.1,
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentid=21"
},
{
"trust": 0.1,
"url": "http://www.ivizsecurity.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-40186"
},
{
"db": "BID",
"id": "36078"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002627"
},
{
"db": "PACKETSTORM",
"id": "80488"
},
{
"db": "PACKETSTORM",
"id": "80522"
},
{
"db": "NVD",
"id": "CVE-2009-2740"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-275"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-40186"
},
{
"db": "BID",
"id": "36078"
},
{
"db": "JVNDB",
"id": "JVNDB-2009-002627"
},
{
"db": "PACKETSTORM",
"id": "80488"
},
{
"db": "PACKETSTORM",
"id": "80522"
},
{
"db": "NVD",
"id": "CVE-2009-2740"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-275"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-08-19T00:00:00",
"db": "VULHUB",
"id": "VHN-40186"
},
{
"date": "2009-08-18T00:00:00",
"db": "BID",
"id": "36078"
},
{
"date": "2010-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002627"
},
{
"date": "2009-08-18T22:20:51",
"db": "PACKETSTORM",
"id": "80488"
},
{
"date": "2009-08-23T15:54:12",
"db": "PACKETSTORM",
"id": "80522"
},
{
"date": "2009-08-19T17:30:01.093000",
"db": "NVD",
"id": "CVE-2009-2740"
},
{
"date": "2009-08-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200908-275"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-40186"
},
{
"date": "2009-08-21T15:54:00",
"db": "BID",
"id": "36078"
},
{
"date": "2010-12-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2009-002627"
},
{
"date": "2018-10-10T19:42:10.233000",
"db": "NVD",
"id": "CVE-2009-2740"
},
{
"date": "2009-08-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200908-275"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "80488"
},
{
"db": "CNNVD",
"id": "CNNVD-200908-275"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CA Host-Based Intrusion Prevention System of kmxIds.sys Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2009-002627"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200908-275"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.