Vulnerabilities > Agnitum
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-09-24 | CVE-2007-5042 | Permissions, Privileges, and Access Controls vulnerability in Agnitum Outpost Firewall 4.0.1025.7828 Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenProcess, (5) NtOpenSection, (6) NtOpenThread, and (7) NtUnloadDriver kernel SSDT hooks, a partial regression of CVE-2006-7160. | 4.6 |
| 2007-06-06 | CVE-2007-3086 | Local Denial of Service vulnerability in Agnitum Outpost Firewall Outpost_IPC_HDR Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex. | 4.9 |
| 2007-03-07 | CVE-2006-7160 | Improper Input Validation vulnerability in Agnitum Outpost Firewall The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly earlier versions, does not validate arguments to hooked SSDT functions, which allows local users to cause a denial of service (crash) via invalid arguments to the (1) NtAssignProcessToJobObject,, (2) NtCreateKey, (3) NtCreateThread, (4) NtDeleteFile, (5) NtLoadDriver, (6) NtOpenProcess, (7) NtProtectVirtualMemory, (8) NtReplaceKey, (9) NtTerminateProcess, (10) NtTerminateThread, (11) NtUnloadDriver, and (12) NtWriteVirtualMemory functions. | 4.9 |
| 2007-01-18 | CVE-2007-0333 | Local Privilege Escalation vulnerability in Agnitum Outpost Firewall 4.0 Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product's installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated by modifying SandBox.sys. | 7.2 |
| 2006-11-04 | CVE-2006-5721 | Local Denial of Service vulnerability in Agnitum Outpost Firewall 4.0 The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) allows local users to cause a denial of service (system crash) via an invalid argument to the DeviceIoControl function that triggers an invalid memory operation. | 4.9 |
| 2006-07-21 | CVE-2006-3697 | Permissions, Privileges, and Access Controls vulnerability in multiple products Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the "open folder" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the "Save Configuration As" option. | 7.2 |
| 2006-07-21 | CVE-2006-3696 | Local Denial of Service vulnerability in Agnitum Outpost Firewall 3.5.631 filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows local users to cause a denial of service (crash) via long arguments to mshta.exe. | 2.1 |
| 2004-12-31 | CVE-2004-2472 | Remote Denial of Service vulnerability in Agnitum Outpost Firewall 2.1 Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a denial of service (CPU consumption) via a flood of small, invalid packets, which can not be processed quickly enough by Outpost Pro. | 5.0 |