SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Firewall)  >   Outpost Personal Firewall Vendors:   Agnitum, Ltd.
Outpost Firewall PRO /Device/Sandbox Insufficent Access Control and Insufficent Input Validation Lets Local Users Deny Service
SecurityTracker Alert ID:  1017150
SecurityTracker URL:  http://securitytracker.com/id/1017150
CVE Reference:   CVE-2006-5721   (Links to External Site)
Updated:  Jun 3 2008
Original Entry Date:  Nov 1 2006
Impact:   Denial of service via local system
Exploit Included:  Yes  
Version(s): 4.0.964.582.059
Description:   Matousec Transparent Security Research reported a vulnerability in Outpost Firewall PRO. A local user can cause denial of service conditions.

The firewall software does not properly protect local user access to the \Device\SandBox driver. The driver also does not properly validate user-supplied input. A local user can supply specially crafted data to trigger a memory access error and cause the target system to crash.

The original advisory and a demonstration exploit is available at:

http://www.matousec.com/info/advisories/Outpost-Insufficient-validation-of-SandBox-driver-input-buffer.php

Impact:   A local user can cause the target system to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.agnitum.com/products/outpost/ (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Outpost Insufficient validation of 'SandBox' driver input buffer

Hello,

We would like to inform you about a vulnerability in Outpost Firewall PRO 4.0.


Description:

Outpost insufficiently protects its driver \Device\SandBox against a manipulation by 
malicious applications and it fails to validate its input buffer. It is possible to 
open this driver and send arbitrary data to it, which are implicitly believed to be 
valid. It is possible to assemble the data in the input buffer such that the driver 
performs an invalid memory operation and crashes the whole operating system. Further 
impacts of this bug were not examined.


Vulnerable software:

    * Outpost Firewall PRO 4.0 (964.582.059)



More details and a proof of concept including source code is available here: 
http://www.matousec.com/info/advisories/Outpost-Insufficient-validation-of-SandBox-driver-input-buffer.php


Regards,

-- 
Matousec - Transparent security Research
http://www.matousec.com/
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC