CVE-2010-5171
https://notcve.org/view.php?id=CVE-2010-5171
Race condition in Outpost Security Suite Pro 6.7.3.3063.452.0726 and 7.0.3330.505.1221 BETA on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during hook-handler execution, aka an argument-switch attack or a KHOBE attack. NOTE: this issue is disputed by some third parties because it is a flaw in a protection mechanism for situations where a crafted program has already begun to execute ** EN DISPUTA ** Condición de carrera en Outpost Security Suite Pro v6.7.3.3063.452.0726 y v7.0.3330.505.1221 BETA sobre Windows XP permite a usuarios locales evitar manejadores de kernel-mode hook, y ejecutar código malicioso que podría ser bloquedo por un manejador pero no por un detector de malware signature-based, a través de ciertos cambios en memoria user-space durante la ejecución de hook-handler , también conocido por argument-switch attack o ataque KHOBE. Nota: este problema está en disputa por terceras partes. • http://archives.neohapsis.com/archives/bugtraq/2010-05/0026.html http://archives.neohapsis.com/archives/fulldisclosure/2010-05/0066.html http://countermeasures.trendmicro.eu/you-just-cant-trust-a-drunk http://matousec.com/info/advisories/khobe-8.0-earthquake-for-windows-desktop-security-software.php http://matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php http://www.f-secure.com/weblog/archives/00001949.html http://www.osvdb.org/67660 http://www.securit • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2007-5042
https://notcve.org/view.php?id=CVE-2007-5042
Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenProcess, (5) NtOpenSection, (6) NtOpenThread, and (7) NtUnloadDriver kernel SSDT hooks, a partial regression of CVE-2006-7160. Outpost Firewall Pro 4.0.1025.7828 no valida de forma adecuada ciertos parámetros en los manejadores de función System Service Descriptor Table (SSDT), el cual permite a usuarios locales provocar denegación de servicio (caida) y posiblemente ganar ciertos privilegios a través del secuestro de (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenProcess, (5) NtOpenSection, (6) NtOpenThread, y (7) NtUnloadDriver kernel SSDT, una regresión parcial de CVE-2006-7160. • http://osvdb.org/45899 http://securityreason.com/securityalert/3161 http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php http://www.securityfocus.com/archive/1/479830/100/0/threaded • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2007-3086 – Agnitum Outpost Firewall 4.0 - Outpost_IPC_HDR Local Denial of Service
https://notcve.org/view.php?id=CVE-2007-3086
Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex. Bloqueo de recurso crítico no restringido en Agnitum Outpost Firewall PRO 4.0 1007.591.145 y anteriores permite a atacantes remotos provocar una denegación de servicio (cuelgue del sistema) capturando el mutex outpost_ipc_hdr. • https://www.exploit-db.com/exploits/30139 http://osvdb.org/42038 http://securityreason.com/securityalert/2775 http://www.matousec.com/info/advisories/Outpost-Enforcing-system-reboot-with-outpost_ipc_hdr-mutex.php http://www.securityfocus.com/archive/1/470278/100/0/threaded http://www.securityfocus.com/bid/24284 https://exchange.xforce.ibmcloud.com/vulnerabilities/34686 •
CVE-2006-7160
https://notcve.org/view.php?id=CVE-2006-7160
The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions. El controlador Sandbox.sys de Outpost Firewall PRO versión 4.0, y posiblemente versiones anteriores, no comprueba argumentos para funciones SSDT enlazadas, permite a usuarios locales causar una denegación de servicio (bloqueo) mediante argumentos no válidos para las funciones (1) NtAssignProcessToJobObject, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver y (12) NtWriteVirtualMemory. • http://secunia.com/advisories/22913 http://securityreason.com/securityalert/2376 http://www.matousec.com/info/advisories/Outpost-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php http://www.securityfocus.com/archive/1/451672/100/0/threaded http://www.securityfocus.com/bid/21097 http://www.vupen.com/english/advisories/2006/4537 https://exchange.xforce.ibmcloud.com/vulnerabilities/30312 • CWE-20: Improper Input Validation •
CVE-2007-0333 – Outpost Firewall PRO 4.0 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2007-0333
Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys. Agnitum Outpost Firewall PRO 4.0 permite a un usuario local evitar las restricciones de acceso insertando un ontrolador caballo de troya dentro del directorio de productos de instalación a través de la creación de enlaces utilizando respuestas FileLinkInformation con la función ZwSetInformationFile como se demostró modificando SandBox.sys. • https://www.exploit-db.com/exploits/29465 http://osvdb.org/33480 http://securityreason.com/securityalert/2163 http://www.matousec.com/info/advisories/Outpost-Bypassing-Self-Protection-using-file-links.php http://www.securityfocus.com/archive/1/456973/100/0/threaded http://www.securityfocus.com/bid/22069 https://exchange.xforce.ibmcloud.com/vulnerabilities/31529 •