Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Outpost Security Suite Pro ver. 2009 Multiple vulnerabilities

from [jplopezy] Network Security [Permanent Link]
Subject: Outpost Security Suite Pro ver. 2009 Multiple vulnerabilities
Date: 22 Jul 2008 17:21:26 -0000 

Application: Outpost Security Suite Pro ver. 2009
OS: Windows Xp (All patches a day)
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description
Outpost Security Suite is a software application that contains several security,
including anti-virus and is mainly a firewall but also includes an anti-spam 
and content control.

------------------------------------------------------
Vulnerability

The vulnerability is that when using certain special characters such as file 
name
could be left without protection for the system. 

The first flaw is  used as a special character file name,
making this could evade antivirus protection and make a file already detected
by the antiviru not be detected. 

The second flaw is that using a certain amount of special characters such as 
filename to run a program
that this blocked by the firewall, the firewall to detect the file, it would 
break the firewall and would
continue to be running malicious file without restrictions. 

In the latter case exceptions vary depending on the type of characters which 
are used
for example here there are two different results.

Aplicación con errores: acs.exe, versión: 6.5.2358.9115, módulo con error: 
ntdll.dll, versión 5.1.2600.2180, dirección de error 0x000111de.
Aplicación con errores: acs.exe, versión: 6.5.2358.9115, módulo con error: 
kernel32.dll, versión 5.1.2600.3119, dirección de error 0x0000bd85.
Aplicación con errores: acs.exe, versión: 6.5.2358.9115, módulo con error: 
firewall.ofp, versión 6.5.2358.9115, dirección de error 0x000350b3.

------------------------------------------------------
POC/EXPLOIT
To evade the virus requires the following character.

ASCII:&#12288;
HEX: 26 23 31 32 32 38 38 3b 

To perform the test to fail the firewall will require the following.

ASCII:? ? ? &#8227; &#8228; &#8229; ?
HEX: 86 20 87 20 95 20 26 23 38 32 32 37 3b 20 26 23 38 32 32 38 3b 20 26 23 38 
32 32 39 3b 20 85 


Note: In the case of evasion of anti-virus testing must be done with a file 
detected by antivirus and firewall
in the case obviously does not have a file that would make connections.
------------------------------------------------------
Juan Pablo Lopez Yacubian
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Outpost Security Suite Pro ver. 2009 Multiple vulnerabilities, jplopezy <=
Previous by Date:  [DSECRG-08-032] Claroline 1.8.10 Multiple XSS Vulnerabilities, Digital Security Research Group [DSecRG]
Next by Date:  RE: Windows Vista Power Management & Local Security Policy, James C. Slora Jr.
Previous by Thread:  [DSECRG-08-032] Claroline 1.8.10 Multiple XSS Vulnerabilities, Digital Security Research Group [DSecRG]
Next by Thread:  [ MDVSA-2008:152 ] - Updated wireshark packages fix denial of service vulnerability, security
Indexes:  [Date] [Thread] [Top] [All Lists]