[NT] Webroot Desktop Firewall Two Vulnerabilities

From: SecuriTeam (support_at_securiteam.com)
Date: 10/10/05

  • Next message: SecuriTeam: "[UNIX] Shorewall MACLIST Security Vulnerability"
    To: list@securiteam.com
    Date: 10 Oct 2005 13:44:47 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Webroot Desktop Firewall Two Vulnerabilities
    ------------------------------------------------------------------------

    SUMMARY

     <http://www.webroot.com/consumer/products/desktopfirewall/> Webroot
    Desktop Firewall "secures your computer from Internet threats and reduces
    the risks of being a victim of online crimes".

    Secunia Research has discovered two vulnerabilities in Webroot Desktop
    Firewall, which can be exploited by malicious, local users to gain
    escalated privileges or bypass certain security restrictions.

    DETAILS

    Vulnerable Systems:
     * Webroot Desktop Firewall version 1.3.0 build 43

    Immune Systems:
     * Webroot Desktop Firewall version 1.3.0 build 52

    1) A boundary error in PWIWrapper.dll when deleting a program from the
    list of "allowed" programs can cause a buffer overflow in
    FirewallNTService.exe. This can be exploited by sending a specially
    crafted application chain to the firewall driver via a DeviceIoControl()
    command, and then removing an "allowed" program from the firewall GUI.

    Successful exploitation allows non-privileged users to execute arbitrary
    code with SYSTEM privileges, but requires the the ability
    to add and remove programs from the firewall's permitted application list.

    2) It is possible for non-privileged users to disable the firewall even
    when password protection has been enabled, by sending specific
    DeviceIoControl() commands to the firewall driver.

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:vuln@secunia.com> Secunia
    Research.
    The original article can be found at:
    <http://support.webroot.com/ics/support/KBAnswer.asp?questionID=2332>
    http://support.webroot.com/ics/support/KBAnswer.asp?questionID=2332

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


  • Next message: SecuriTeam: "[UNIX] Shorewall MACLIST Security Vulnerability"

    Relevant Pages

    • [NT] BlackIce Server Protect Unprivileged User Attack
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... BlackICE responds immediately by ... Due to insecure access control restrictions of the firewall initialization ... auto-blocking = enabled, 2000, BIgui ...
      (Securiteam)
    • [NEWS] Fortigate Firewall Web Interface Vulnerabilities
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... obtain an administrative username and password of the Fortigate firewall. ... remote attacker can trick an administrator into revealing his credentials. ... Web Filter Log Passes Unfiltered Session Details ...
      (Securiteam)
    • [REVS] Placing Backdoors Through Firewalls
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... This article describes possible back-doors through different firewall ... This is the enhanced version of a packet filter. ... A proxy as a firewall host is simply any server which has no routing ...
      (Securiteam)
    • [NEWS] Fortigate Firewall Inadequate Log Filtering
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Fortigate Firewall, has been found to ... After the web filter has been enabled, the administrator has the ability ...
      (Securiteam)
    • [NT] Agnitum Outpost Firewall Pro DoS
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Outpost Firewall Pro, you get award-winning ... By flooding Outpost Pro with a sustained rate of packets it is possible to ... Outpost Pro maintains a list of all new incoming packets. ...
      (Securiteam)