Agnitum Outpost Firewall

... precisamente el que Ille recomendaba...

Las maravillas que recomienda., por eso mi Juas!!, en fin cosas del "pajaro".


Saludos

Hola.
Copio:

Posted on 20 January 2004


Secure Network Operations, Inc. http://www.secnetops.com/research
Strategic Reconnaissance Team research[at]secnetops[.]com
Team Lead Contact kf[at]secnetops[.]com
Spam Contact `rm -rf /`@snosoft.com

Our Mission:
*********************************************************
Secure Network Operations offers expertise in Networking, Intrusion
Detection Systems (IDS), Software Security Validation, and Corporate/Private
Network Security. Our mission is to facilitate a secure and reliable
Internet and inter-enterprise communications infrastructure through the
products and services we offer.

To learn more about our company, products and services or to request a demo
of ANVIL FCS please visit our site at http://www.secnetops.com, or call us
at: 978-263-3829

Quick Summary:

*********************************************************
Advisory Number : SRT2004-01-17-0628
Product : Outpost Firewall.
Version : 1.x and 2.x
Vendor : http://www.agnitum.com/download/outpostpro.html
Class : Local
Criticality : High (to Outpost Firewall users)
Operating System(s) : Win32

Notice
*********************************************************
1-2 day Early Warning List:

Secure Network Operations, inc. will very shortly have its own advisory
notification mailing list. This list will notify you of advisories 1-2 days
in advance of public release to other mailing lists. To subscribe please
visit http://advisories.secnetops.com in the immediate future.

30-60 day Early Warning List:
Our early warning service will notify you of new vulnerabilities 30-60 days
in advance of public release. This service has been created to protect
companies by allowing them to repair security vulnerabilities before they
become public knowledge. To purchase a one year subscription to this service
please contact us at 978-263-3767.

Alert
*********************************************************
Our advisories will contain full details excluding a working Proof of
Concept. Our web page will contain our working proof of concept for the
advisory if it exists. Yes folks this is a policy change for us. We will
exercise our own disgression in regards to delay of exploit releasevs
advisory release. List subscribers will have advanced access to workingproof
of concept code depending on the severity and list subscription type.

Basic Explanation
********************************************************
High Level Description : Outpost Firewall allows local SYSTEM access.

What to do : Apply update from vendor or limit local access.

Basic Technical Details
********************************************************
Proof Of Concept Status : SNO has Proof of Concept.

Low Level Description : In the words of agnitum... "With hacker attacks and
data theft rampant on the Internet, you need a constant defense to safeguard
your PC. Antivirus protection is not enough! The comprehensive solution for
protecting you and your family online is Outpost Personal Firewall Pro, the
world's foremost security application.". Outpost will..."Protect your system
from hackers, Guard the privacy of your data, Monitor network activity,
Maintain and control your privacy on the Web, Remove annoying ads, And
more!".

Our testing was done on the demo version of both Outpost 1.0 and 2.0. We
took all defaults while installing from OutpostProInstall.exe. No
othertweaks to the settings of Outpost were made.

Once started the outpost service provides a tray icon that is available to
all users of the system. outpost.exe runs as SYSTEM so this poses an
obvioussecurity risk.

If you wish to take local system rights from Agnitum Outpost Firewall do the
following steps.

1. right click tray icon...
2. choose "options..."
3. choose application or plug-ins
4. click Add...
5. browse for c:\winnt\system32\cmd.exe and right click on it...choose open.

Now you have a command prompt running as the user SYSTEM.

There is also a similar alternate method...

1. double click tray icon.
2. click Help.
3. click contents.
4. right click help content...
5. choose view source.
6. you now have notepad.exe running as SYSTEM... taking cmd.exe from here is
a matter of going to file then open, and duplicating step 5 above.

Proof Of Concept: Live exploit code will be under our research shortly.
Thanksto Brett Moore for all the conceptual help... sorry for my dumb
questions!See http://www.secnetops.biz/research/ look for outpost_ex2.exe
and outpost_ex2.cWe will update our whats new section when the exploit is
available.

A screenshot of exploitation can be located at (without registration):
http://www.secnetops.biz/images/SRT...7-0628.jpg
Vendor Status : Vendor is has a fix for the issue. A vendorsupplied patch
should be supplied in the next week or so (of 1/17/2004). "We are glad to
inform you that the problem you had reported was solved.", "We plan to
release new version in a couple of weeks.", "We strongly recommend that you
join the Agnitum News mailing list at www.agnitum.com/news to keep informed
of security issues that may affect you, and of new version release."

We (Snosoft) also reccomend you sign up for their list... they are very hard
to communicate with otherwise. Web forms and long delays were what we
encountered.

Bugtraq URL : To be assigned.

Disclaimer


This advisory was released by Secure Network Operations,Inc. as a matterof
notification to help administrators protect their networks againstthe
described vulnerability. Release of exploit code is done at our own
disgression.

All content of this advisory is property of Secure Network Operations.

Secure Network Operations, Inc. || http://www.secnetops.com
"Embracing the future of technology, protecting you."

Regard: ©
"If U know neither the enemy nor yourself,U will succumb in every battle"
FIN DE LA COPIA.
Saludos.


"Ille Corvus" escribió en el mensaje
news:

http://www.secunia.com/advisories/10660/

Existe un pequeño problema de seguridad solo explotable en modo local
con las version 1.x y 2.x (de momento) de este cortafuegos, que segun
el fabricante se solucionara en breve, estar atento a la pagina web
del fabricante para la solucion www.agnitum.com


Ille Corvus. Hic et Nunc.

uno -> idiota
otro -> tu mas
uno -> imbecil
otro -> tu mas
uno -> no, tu mas
otro -> no, tu infinito
uno -> tu infinito al cuadrado
otro -> ...

me parece que la proxima discusion de este grupo va a ser algo parecido a
esto, vamos como volver al cole, aunque yo cada vez que lo pienso, es cuando
mejor se vive, ayy, quien tuviera 1 añito otra vez, ;P.

un saludin.

El Tue, 20 Jan 2004 22:18:52 +0100, "" <joadom AT iespana DOT
es> escribio:

Las maravillas que recomienda.,

Algunos recomiendan la "9 maravilla" como Sygate tiene una
largaaaaaaa lista de vulnerabilidades, todos los programas tienen
estos problemas, lo importante es resolverlos lo antes posible...

por eso mi Juas!!, en fin cosas del "pajaro".

Te hara falta ir a la escuela, es una Ave (no el tren de alta
velocidad)...



Ille Corvus. Hic et Nunc.

El Tue, 20 Jan 2004 21:57:12 +0100, "" <joadom AT iespana DOT
es> escribio:



Ille Corvus. Hic et Nunc.