Outpost Firewall PRO Multiple Local Denial of Service Vulnerabilities
BID:21097
Info
Outpost Firewall PRO Multiple Local Denial of Service Vulnerabilities
| Bugtraq ID: | 21097 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 15 2006 12:00AM |
| Updated: | Sep 18 2007 10:30PM |
| Credit: | Matousec Transparent Security discovered these issues. |
| Vulnerable: |
Agnitum Outpost Firewall PRO 4.0 (971.584.079) Agnitum Outpost Firewall PRO 4.0 (964.582.059) Agnitum Outpost Firewall PRO 4.0 |
| Not Vulnerable: |
Agnitum Outpost Firewall PRO 4.0 (1005.590.123) |
Discussion
Outpost Firewall PRO Multiple Local Denial of Service Vulnerabilities
Outpost Firewall PRO is prone to multiple local denial-of-service vulnerabilities because the application fails to properly handle unexpected input.
Exploiting these issues allows local attackers to crash affected computers, denying service to legitimate users. Remote code-execution may be possible, but this has not been confirmed.
Outpost Firewall PRO 4.0 (964.582.059) and 4.0 (971.584.079) are vulnerable to these issues; other versions may also be affected.
Outpost Firewall PRO is prone to multiple local denial-of-service vulnerabilities because the application fails to properly handle unexpected input.
Exploiting these issues allows local attackers to crash affected computers, denying service to legitimate users. Remote code-execution may be possible, but this has not been confirmed.
Outpost Firewall PRO 4.0 (964.582.059) and 4.0 (971.584.079) are vulnerable to these issues; other versions may also be affected.
Exploit / POC
Outpost Firewall PRO Multiple Local Denial of Service Vulnerabilities
The following exploit is available to demonstrate this issue:
The following exploit is available to demonstrate this issue:
Solution / Fix
Outpost Firewall PRO Multiple Local Denial of Service Vulnerabilities
Solution:
The vendor has released Outpost Firewall PRO 4.0 (1005.590.123) to address this issue. Contact the vendor for details on obtaining and applying the appropriate updates.
Solution:
The vendor has released Outpost Firewall PRO 4.0 (1005.590.123) to address this issue. Contact the vendor for details on obtaining and applying the appropriate updates.
References
Outpost Firewall PRO Multiple Local Denial of Service Vulnerabilities
References:
References:
- Outpost Firewall Pro Web Page (Agnitum)
- Outpost Multiple insufficient argument validation of hooked SSDT function Vulner (Matousec)
- Windows Personal Firewall Analysis (Matousec)
- Outpost Multiple insufficient argument validation of hooked SSDT function Vulner (Matousec - Transparent security Research
- Plague in (security) software drivers & BSDOhook utility (Matousec)