The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Outpost Firewall

computer vulnerability 13245

Agnitum Outpost Security Suite: privilege escalation

Synthesis of the vulnerability

A local attacker can exploit several vulnerabilities in Agnitum Outpost Security Suite.
Impacted products: Outpost Firewall.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/08/2013.
Identifiers: BID-61726, VIGILANCE-VUL-13245.

Description of the vulnerability

Several vulnerabilities were announced in Agnitum Outpost Security Suite.

An attacker can generate a buffer overflow in pool memory, in order to trigger a denial of service, and possibly to execute code. [severity:2/4]

An attacker can load a DLL, in order to escalate their privileges. [severity:2/4]

computer vulnerability announce 11387

Outpost Firewall Pro: denial of service of GUI

Synthesis of the vulnerability

Malware can stop the GUI process of Outpost Firewall Pro.
Impacted products: Outpost Firewall.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 22/02/2012.
Identifiers: VIGILANCE-VUL-11387.

Description of the vulnerability

Malware can stop the GUI process of Outpost Firewall Pro.

vulnerability note 7964

Outpost Security Suite: bypassing

Synthesis of the vulnerability

When a filename contains special characters, it can bypass restrictions of the antivirus or of the firewall.
Impacted products: Outpost Firewall.
Severity: 1/4.
Consequences: user access/rights, data flow.
Provenance: document.
Creation date: 23/07/2008.
Identifiers: BID-30347, VIGILANCE-VUL-7964.

Description of the vulnerability

The Outpost Security Suite product is composed of an antivirus and a firewall.

When a filename contains character sequences corresponding to an HTML entity (such as "‣"), this file bypasses the antivirus and execution restrictions of the firewall.

An attacker can therefore use a file with a special name in order to bypass Outpost Security Suite.

computer vulnerability announce CVE-2007-5042 CVE-2007-5044 CVE-2007-5047

Norton Internet Security, Outpost, ZoneAlarm: corruption via SSDT hooking

Synthesis of the vulnerability

A local attacker can create a denial of service or corrupt the memory of some software that incorrectly implements SSDT hooking.
Impacted products: Outpost Firewall, ZoneAlarm, Norton Internet Security.
Severity: 1/4.
Consequences: administrator access/rights, denial of service on server.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 3.
Creation date: 19/09/2007.
Identifiers: CVE-2007-5042, CVE-2007-5044, CVE-2007-5047, VIGILANCE-VUL-7177.

Description of the vulnerability

The SSDT (System Service Descriptor Table) contains references to system calls:
 - NtCreateKey: create a key in the registry
 - NtCreateThread: create a thread
 - NtDeleteFile: delete a file
 - etc.

Security software hooks entries in this table so that they point to specific functions. However, these functions do not correctly check their parameters. A local attacker can thus use malicious attributes in order to generate an error.

This vulnerability leads to a denial of service, and possibly to code execution.

The following software has been identified as vulnerable:
 - BlackICE PC Protection 3.6.cqn
 - G DATA InternetSecurity 2007
 - Ghost Security Suite beta 1.110 and alpha 1.200
 - Kaspersky Internet Security 7.0.0.125
 - Norton Internet Security 2008 15.0.0.60
 - Online Armor Personal Firewall 2.0.1.215
 - Outpost Firewall Pro 4.0.1025.7828
 - Privatefirewall 5.0.14.2
 - Process Monitor 1.22
 - ProcessGuard 3.410
 - ProSecurity 1.40 Beta 2
 - RegMon 7.04
 - ZoneAlarm Pro 7.0.362.000

These vulnerabilities are different from VIGILANCE-VUL-6271, VIGILANCE-VUL-6704 and VIGILANCE-VUL-6742.

computer vulnerability note CVE-2007-3086

Outpost Firewall: denial of service via outpost_ipc_hdr

Synthesis of the vulnerability

A local attacker can use the outpost_ipc_hdr mutex in order to block Outpost Firewall and force the victim to restart the system.
Impacted products: Outpost Firewall.
Severity: 1/4.
Consequences: administrator access/rights, denial of service on service.
Provenance: user shell.
Creation date: 04/06/2007.
Identifiers: BID-24284, CVE-2007-3086, VIGILANCE-VUL-6869.

Description of the vulnerability

Outpost Firewall uses the \BaseNamedObjects\outpost_ipc_hdr mutex when a potentially dangerous operation is conducted on the system.

However, an unprivileged process can take this mutex (lock it) and then perform a malicious operation, which blocks Outpost. The victim then has to restart the system.

This vulnerability therefore permits a local attacker to create a denial of service.

vulnerability CVE-2007-0333

Outpost Firewall: altering via ZwSetInformationFile

Synthesis of the vulnerability

A local attacker can corrupt the installation of Outpost Firewall via ZwSetInformationFile().
Impacted products: Outpost Firewall.
Severity: 1/4.
Consequences: data creation/edition.
Provenance: user account.
Creation date: 16/01/2007.
Identifiers: BID-22069, CVE-2007-0333, VIGILANCE-VUL-6470.

Description of the vulnerability

The SSDT (System Service Descriptor Table) indicates the addresses of the functions implementing Windows system calls.

To prevent a local attacker from accessing its installation directory, Outpost Firewall hooks some system calls to forbid access to this directory.

However, the ZwSetInformationFile() function can be used to modify SandBox.sys in order to remove this protection at the next reboot.

computer vulnerability 6365

Outpost Firewall: bypassing protection

Synthesis of the vulnerability

A local attacker can use DLL injection in order to bypass Outpost Firewall protection, and then deactivate it.
Impacted products: Outpost Firewall.
Severity: 1/4.
Consequences: data flow.
Provenance: user shell.
Creation date: 04/12/2006.
Identifiers: BID-21390, VIGILANCE-VUL-6365.

Description of the vulnerability

Outpost Firewall checks whether a local attacker is trying to modify the memory of a process to inject the name of a DLL to load.

However, this protection is not effective if a ".dll" string is already in memory. An attacker who is allowed to write to the Windows system directory and to debug a program can reference this string to load a malicious library.

An attacker can, for example, use this vulnerability against the outpost.exe process in order to deactivate it.

vulnerability alert CVE-2006-5721 CVE-2006-7160

Outpost Firewall: denial of service of SandBox

Synthesis of the vulnerability

A local attacker can send malicious data to the Sandbox driver in order to stop Outpost Firewall.
Impacted products: Outpost Firewall.
Severity: 1/4.
Consequences: denial of service on service.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/11/2006.
Revision date: 16/11/2006.
Identifiers: BID-20860, BID-21097, CVE-2006-5721, CVE-2006-7160, VIGILANCE-VUL-6271.

Description of the vulnerability

Outpost Firewall has a sandbox to simulate the execution of programs. It is reachable via \Device\SandBox. This sandbox uses the SSDT (System Service Descriptor Table) to hook (redirect) functions.

However, the hooks for the NtAssignProcessToJobObject, NtCreateKey, NtCreateThread, NtDeleteFile, NtLoadDriver, NtOpenProcess, NtProtectVirtualMemory, NtReplaceKey, NtTerminateProcess, NtTerminateThread, NtUnloadDriver and NtWriteVirtualMemory functions do not correctly check their parameters.

A local attacker can therefore create a program using these functions with malicious parameters, in order to stop the firewall.

vulnerability bulletin CVE-2006-3697

Outpost Firewall: opening a privileged explorer

Synthesis of the vulnerability

A local attacker can use Outpost Firewall to open an explorer running with SYSTEM privileges.
Impacted products: Outpost Firewall.
Severity: 2/4.
Consequences: administrator access/rights.
Provenance: user account.
Creation date: 18/07/2006.
Revision date: 24/07/2006.
Identifiers: BID-19024, BTS16825, CVE-2006-3697, sb-03-037491-001-t, VIGILANCE-VUL-6013.

Description of the vulnerability

The Outpost Firewall product has an interface where the user can click on a link named "open folder" in order to see the directory containing the file. This explorer is opened with the rights of the current user.

However, if a local attacker previously terminates the explorer.exe process, this explorer is opened with SYSTEM rights.

A local attacker can therefore obtain administrative privileges on the system.

Several attack variants are proposed because Outpost Firewall opens its windows with SYSTEM rights.

computer vulnerability CVE-2006-3696

Outpost Firewall: buffer overflow of filtnt.sys

Synthesis of the vulnerability

A local attacker can generate an overflow in filtnt.sys in order to cause a denial of service and possibly to execute code.
Impacted products: Outpost Firewall.
Severity: 1/4.
Consequences: administrator access/rights, denial of service on service.
Provenance: user shell.
Creation date: 18/07/2006.
Identifiers: BID-19026, CVE-2006-3696, VIGILANCE-VUL-6015.

Description of the vulnerability

The filtnt.sys driver is used by the Outpost Firewall product.

A local attacker can generate an overflow in this driver.

This overflow leads to a denial of service and may lead to code execution.