Network Security: Detailed info on [Full-disclosure] Outpost Firewall Pro secrately fixing security flaws?

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

[Full-disclosure] Outpost Firewall Pro secrately fixing security flaws?

from [Bipin Gautam] Network Security

[Permanent Link]

Subject:	[Full-disclosure] Outpost Firewall Pro secrately fixing security flaws?
Date:	Tue, 18 Jul 2006 02:26:54 +0545

hello,
To my knowledge Outpost Firewall Pro 3.5.631 had a security issue
(say: 0-day) that An exception can be passed & then triggered  by a
local system user to the firewall resulting in a SYSTEM CRASH due to a
overflow flaw in filtnt.sys (firewall driver) I was testing it on
winxpsp2 (patchlevel latest) & other possibilities of remote
exploitation.

try experimenting with:

cmd.exe
c:\> mshta.exe longggggggggg string


After upgrading to Outpost Firewall Pro ver. 3.51.759.6511 (462) the
issue seems fixed.

so secret fix huh ?

---

Bipin Gautam
http://bipin.tk

Zeroth law of security: The possibility of poking a system from lower
privilege is zero unless & until there is possibility of direct,
indirect or consequential communication between the two...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-disclosure] Outpost Firewall Pro secrately fixing security flaws?, Bipin Gautam <= [Full-disclosure] Outpost Firewall Pro secrately fixing security flaws?, Bipin Gautam

Previous by Date:	Using Magic Values along with filetype to find malicious files (was RE: [Full-disclosure] Google Malware Search), Debasis Mohanty
Next by Date:	Re: Using Magic Values along with filetype to find malicious files (was RE: [Full-disclosure] Google Malware Search), Dude VanWinkle
Previous by Thread:	[Full-disclosure] [EEYEB-20060227] D-Link Router UPNP Stack Overflow, eEye Advisories
Next by Thread:	[Full-disclosure] Outpost Firewall Pro secrately fixing security flaws?, Bipin Gautam
Indexes:	[Date] [Thread] [Top] [All Lists]