CVE-2009-2450 – Online Armor < 3.5.0.12 - 'OAmon.sys' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2450
The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online Armor Personal Firewall AV+ before 3.5.0.12, and Personal Firewall 3.5 before 3.5.0.14, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\OAmon containing arbitrary kernel addresses, as demonstrated using the 0x830020C3 IOCTL. El controlador del kernel OAmon.sys v 3.1.0.0 y anteriores en Tall Emu Online Armor Personal Firewall AV+ anterior a v3.5.0.12, y Personal Firewall 3.5 anterior a v3.5.0.14, permite a usuarios locales obtener privilegios a través de peticiones METHOD_NEITHER IOCTL modificadas a \Device\OAmon que contienen direcciones del kernel de su elección como se ha demostrado empleadon el IOCTL 0x830020C3. • https://www.exploit-db.com/exploits/8875 http://milw0rm.com/sploits/2009-OAmon_Exp.zip http://www.exploit-db.com/exploits/8875 http://www.ntinternals.org/ntiadv0806/ntiadv0806.html http://www.securityfocus.com/bid/35227 https://exchange.xforce.ibmcloud.com/vulnerabilities/50960 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4967
https://notcve.org/view.php?id=CVE-2007-4967
Online Armor Personal Firewall 2.0.1.215 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via unspecified kernel SSDT hooks for Windows Native API functions including (1) NtAllocateVirtualMemory, (2) NtConnectPort, (3) NtCreateFile, (4) NtCreateKey, (5) NtCreatePort, (6) NtDeleteFile, (7) NtDeleteValueKey, (8) NtLoadKey, (9) NtOpenFile, (10) NtOpenProcess, (11) NtOpenThread, (12) NtResumeThread, (13) NtSetContextThread, (14) NtSetValueKey, (15) NtSuspendProcess, (16) NtSuspendThread, and (17) NtTerminateThread. Online Armor Personal Firewall 2.0.1.215 no valida adecuadamente ciertos parámetros a los manejadores de funciones de Tablas de Descripción de Servicios del Sistema (SSDT), lo cual permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente obtener privilegios mediante ganchos SSDT del núcleo para funciones de la API nativa de Windows entre las que se incluyen (1) NtAllocateVirtualMemory, (2) NtConnectPort, (3) NtCreateFile, (4) NtCreateKey, (5) NtCreatePort, (6) NtDeleteFile, (7) NtDeleteValueKey, (8) NtLoadKey, (9) NtOpenFile, (10) NtOpenProcess, (11) NtOpenThread, (12) NtResumeThread, (13) NtSetContextThread, (14) NtSetValueKey, (15) NtSuspendProcess, (16) NtSuspendThread, y (17) NtTerminateThread. • http://osvdb.org/45951 http://www.matousec.com/info/advisories/plague-in-security-software-drivers.php http://www.matousec.com/projects/windows-personal-firewall-analysis/plague-in-security-software-drivers.php http://www.securityfocus.com/archive/1/479830/100/0/threaded http://www.securityfocus.com/bid/25711 • CWE-20: Improper Input Validation CWE-264: Permissions, Privileges, and Access Controls •
CVE-2006-3787 – Sunbelt Kerio Personal Firewall 4.3.426 - CreateRemoteThread Denial of Service
https://notcve.org/view.php?id=CVE-2006-3787
kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 does not properly hook the CreateRemoteThread API function, which allows local users to cause a denial of service (crash) and bypass protection mechanisms by calling CreateRemoteThread. kpf4ss.exe en Sunbelt Kerio Personal Firewall 4.3.x anterior a 4.3.268 no se engancha adecuadamente a la función CreateRemoteThread de la API, lo cual permite a usuarios locales provocar una denegación de servicio (caída) y evitar mecanismos de protección llamando a CreateRemoteThread. • https://www.exploit-db.com/exploits/28228 http://secunia.com/advisories/21060 http://securityreason.com/securityalert/1260 http://www.matousec.com/info/advisories/Kerio-Terminating-kpf4ss-exe-using-internal-runtime-error.php http://www.securityfocus.com/archive/1/440112/100/100/threaded http://www.securityfocus.com/bid/18996 http://www.vupen.com/english/advisories/2006/2828 •