Outpost Firewall Pro Privilege Escalation Vulnerability
[B]Outpost Firewall Pro Privilege Escalation Vulnerability[/B]
[url=http://secunia.com/advisories/21089/]Secunia Advisory: SA21089 Print Advisory [/url]
Release Date: 2006-07-18
[B]Critical:[/B] Less critical
[B]Impact:[/B] Privilege escalation
[B]Where:[/B] Local system
[B]Solution Status:[/B] Unpatched
[B]Software:[/B] Outpost Firewall Pro 3.x
[B]
Description:[/B]
Ben Goulding has discovered a vulnerability in Outpost Firewall Pro, which can be exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused due to the application windows running with SYSTEM privileges and the application not checking if explorer.exe is running. This can be exploited to launch explorer.exe with SYSTEM privileges by terminating it and then using the "open folder" option in e.g. the "Shared Components" window.
The vulnerability has been confirmed in version 3.51.759.6511 (462). Other versions may also be affected.
[B]
Solution:[/B] Enable password protection.
Provided and/or discovered by: Ben Goulding
Original Advisory: [url]http://www.ben.goulding.com.au/secad.html[/url]
Outpost Firewall Pro FILTNT.SYS Denial of Service
[B]Outpost Firewall Pro FILTNT.SYS Denial of Service[/B]
[url=http://secunia.com/advisories/21095/]Secunia Advisory: SA21095 Print Advisory[/url]
Release Date: 2006-07-18
[B]Critical:[/B] Not critical
[B]Impact:[/B] DoS
[B]Where:[/B] Local system
[B]Solution Status:[/B] Vendor Patch
[B]
Software:[/B] Outpost Firewall Pro 3.x
[B]Description:[/B]
Bipin Gautam has reported a vulnerability in Outpost Firewall Pro, which can be exploited by malicious, local users to cause a DoS (Denial of Service).
The vulnerability is caused due to an unspecified error in the Virtual Firewall driver (filtnt.sys) and can be exploited to crash the system by e.g. passing an overly long string as command line argument to mshta.exe.
The vulnerability has been reported in version 3.5.631. Other versions may also be affected.
[b]Solution:[/b] Update to version 3.51.759.6511 (462) or later.
Provided and/or discovered by: Bipin Gautam