4 results (0.010 seconds)

CVSS: 4.9EPSS: 0%CPEs: 3EXPL: 1

Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex. Bloqueo de recurso crítico no restringido en Agnitum Outpost Firewall PRO 4.0 1007.591.145 y anteriores permite a atacantes remotos provocar una denegación de servicio (cuelgue del sistema) capturando el mutex outpost_ipc_hdr. • https://www.exploit-db.com/exploits/30139 http://osvdb.org/42038 http://securityreason.com/securityalert/2775 http://www.matousec.com/info/advisories/Outpost-Enforcing-system-reboot-with-outpost_ipc_hdr-mutex.php http://www.securityfocus.com/archive/1/470278/100/0/threaded http://www.securityfocus.com/bid/24284 https://exchange.xforce.ibmcloud.com/vulnerabilities/34686 •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0

The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions. El controlador Sandbox.sys de Outpost Firewall PRO versión 4.0, y posiblemente versiones anteriores, no comprueba argumentos para funciones SSDT enlazadas, permite a usuarios locales causar una denegación de servicio (bloqueo) mediante argumentos no válidos para las funciones (1) NtAssignProcessToJobObject, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver y (12) NtWriteVirtualMemory. • http://secunia.com/advisories/22913 http://securityreason.com/securityalert/2376 http://www.matousec.com/info/advisories/Outpost-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php http://www.securityfocus.com/archive/1/451672/100/0/threaded http://www.securityfocus.com/bid/21097 http://www.vupen.com/english/advisories/2006/4537 https://exchange.xforce.ibmcloud.com/vulnerabilities/30312 • CWE-20: Improper Input Validation •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2

Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys. Agnitum Outpost Firewall PRO 4.0 permite a un usuario local evitar las restricciones de acceso insertando un ontrolador caballo de troya dentro del directorio de productos de instalación a través de la creación de enlaces utilizando respuestas FileLinkInformation con la función ZwSetInformationFile como se demostró modificando SandBox.sys. • https://www.exploit-db.com/exploits/29465 http://osvdb.org/33480 http://securityreason.com/securityalert/2163 http://www.matousec.com/info/advisories/Outpost-Bypassing-Self-Protection-using-file-links.php http://www.securityfocus.com/archive/1/456973/100/0/threaded http://www.securityfocus.com/bid/22069 https://exchange.xforce.ibmcloud.com/vulnerabilities/31529 •

CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 2

The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) allows local users to cause a denial of service (system crash) via an invalid argument to the DeviceIoControl function that triggers an invalid memory operation. El dispositivo \Device\SandBox en Outpost Firewall PRO 4.0 (964.582.059) permite a un usuario local provocar denegación de servicio (caida del sistema) a través de un argumento inválido a la función DeviceIoControl que dispara una operación inválida de memoria. • https://www.exploit-db.com/exploits/28894 http://secunia.com/advisories/22673 http://securityreason.com/securityalert/1821 http://securitytracker.com/id?1017150 http://www.matousec.com/info/advisories/Outpost-Insufficient-validation-of-SandBox-driver-input-buffer.php http://www.securityfocus.com/archive/1/450293/100/0/threaded http://www.securityfocus.com/bid/20860 http://www.vupen.com/english/advisories/2006/4309 https://exchange.xforce.ibmcloud.com/vulnerabilities/29969 •