the original cloud security

Secunia Security Advisory 35334

Secunia Security Advisory 35334
Posted Jun 9, 2009
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Online Armor Personal Firewall and Online Armor Personal Firewall AV+, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
MD5 | 1fde4ac340315c0ead5e9c29134981e6

Secunia Security Advisory 35334

Change Mirror Download
----------------------------------------------------------------------

Do you have VARM strategy implemented?

(Vulnerability Assessment Remediation Management)

If not, then implement it through the most reliable vulnerability
intelligence source on the market.

Implement it through Secunia.

For more information visit:
http://secunia.com/advisories/business_solutions/

Alternatively request a call from a Secunia representative today to
discuss how we can help you with our capabilities contact us at:
sales@secunia.com

----------------------------------------------------------------------

TITLE:
Online Armor "OAmon.sys" IOCTL Privilege Escalation Vulnerability

SECUNIA ADVISORY ID:
SA35334

VERIFY ADVISORY:
http://secunia.com/advisories/35334/

DESCRIPTION:
A vulnerability has been reported in Online Armor Personal Firewall
and Online Armor Personal Firewall AV+, which can be exploited by
malicious, local users to gain escalated privileges.

The vulnerability is caused due to an error within the TDI Helper
driver (OAmon.sys) when handling certain IOCTLs. This can be
exploited to execute arbitrary code with kernel privileges on a
vulnerable system.

The vulnerability is reported in Online Armor Personal Firewall v3.5
and Online Armor Personal Firewall AV+ version 3.5.0.12. Other
versions may also be affected.

SOLUTION:
Update to Online Armor Personal Firewall v3.5 version 3.5.0.14 or
Online Armor Personal Firewall AV+ released after 2009-04-27.

PROVIDED AND/OR DISCOVERED BY:
NT Internals

ORIGINAL ADVISORY:
NTIADV0806:
http://www.ntinternals.org/ntiadv0806/ntiadv0806.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close