SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Security)  >   Outpost Security Suite Vendors:   Agnitum, Ltd.
Outpost Security Suite Can By Bypassed With Filenames Containing Certain Characters
SecurityTracker Alert ID:  1020545
SecurityTracker URL:  http://securitytracker.com/id/1020545
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 24 2008
Impact:   Host/resource access via network
Exploit Included:  Yes  
Version(s): 2009
Description:   A vulnerability was reported in Outpost Security Suite. A remote user can bypass the anti-virus detection mechanism. A local user can bypass the firewall mechanism.

A remote user can create a file with a specially crafted filename that will evade detection by the antivirus engine.

The following character can trigger this flaw:  

A local user can create a file with a specially crafted filename that, when executed by the local user, will bypass the firewall's access restrictions.

The following character string [listed here in hex] can trigger this flaw: 86 20 87 20 95 20 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85

Juan Pablo Lopez Yacubian reported this vulnerability.

Impact:   A remote user can create a file that will bypass the anti-virus detection mechanism.

A local user can run a program that will bypass the firewall access control mechanism.

Solution:   No solution was available at the time of this entry.
Vendor URL:  www.agnitum.com/products/security-suite/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Outpost Security Suite Pro ver. 2009 Multiple vulnerabilities


Application: Outpost Security Suite Pro ver. 2009
OS: Windows Xp (All patches a day)
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description
Outpost Security Suite is a software application that contains several security,
including anti-virus and is mainly a firewall but also includes an anti-spam and content control.

------------------------------------------------------
Vulnerability

The vulnerability is that when using certain special characters such as file name
could be left without protection for the system. 

The first flaw is  used as a special character file name,
making this could evade antivirus protection and make a file already detected
by the antiviru not be detected. 

The second flaw is that using a certain amount of special characters such as filename to run a program
that this blocked by the firewall, the firewall to detect the file, it would break the firewall and would
continue to be running malicious file without restrictions. 

In the latter case exceptions vary depending on the type of characters which are used
for example here there are two different results.

 0x0000bd85.
 0x000350b3.

------------------------------------------------------
POC/EXPLOIT
To evade the virus requires the following character.

ASCII: 
HEX: 26 23 31 32 32 38 38 3b 

To perform the test to fail the firewall will require the following.

HEX: 86 20 87 20 95 20 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 32 32 39 3b 20 85 


Note: In the case of evasion of anti-virus testing must be done with a file detected by antivirus and firewall
in the case obviously does not have a file that would make connections.
------------------------------------------------------
Juan Pablo Lopez Yacubian

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC