[Full-Disclosure] Unsecure file permission of ZoneAlarm pro.
From: bipin gautam (visitbipin_at_yahoo.com)
Date: 08/20/04
- Previous message: ASB: "Re: [ok] [Full-Disclosure] RE: [Full-Disclosure]MS should re-write code with security in mind"
- Next in thread: John LaCour: "RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Maybe reply: John LaCour: "RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Maybe reply: Todd Towles: "RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Maybe reply: Todd Towles: "RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Maybe reply: Matthew Farrenkopf: "RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Maybe reply: Matthew Farrenkopf: "RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Maybe reply: Todd Towles: "RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: full-disclosure@lists.netsys.com Date: Thu, 19 Aug 2004 19:50:50 -0700 (PDT)
Hello list,
Zone Alarm stores its config. files in
%windir%\Internet Logs\* . But strangely,
ZoneAlarm sets the folder/file permission (NTFS) of
%windir%\Internet Logs\* to,
EVERYONE: Full
after its first started.
Even If you try to change the permission to...
Administrator (s): full
system: full
users: read and execute
[these are the default permissions]
Strangely, the permission again changes back to...
EVERYONE: Full each time
ZoneAlarm Pro (ZAP) is started. I've tested these in
zap 4.x and 5.x
This could prove harmful if we have a malicious
program/user running with
even with a user privilege on the system.
Well a malicious program could modify those config
file in a way ZAP will stop
functioning. This is what ZoneLabs had to say...
---snip-------
>anyone could open any ZoneAlarm file
> (assuming it isn't locked), edit it with a hexeditor
and
> cause it to stop functioning. This type of
modification
> wouldn't be classified as an attack, as you have
simply
> modified the file and caused it to not function as
expected.
> This is true of any executable or other binary.
>
---/snip-------
yap, true... but shouldn’t ZAP have some protection
against such attacks? instead
of leaving the permission to " EVERYONE: Full " I
wonder if a program could bypass
ZAP filters using "safePrograms*.xml"
[...experimenting]
anyone wanna take this thing to a new level, please go
on...
Regards,
Bipin Gautam
http://www.geocities.com/visitbipin/
_______________________________
Do you Yahoo!?
Win 1 of 4,000 free domain names from Yahoo! Enter now.
http://promotions.yahoo.com/goldrush
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
- Previous message: ASB: "Re: [ok] [Full-Disclosure] RE: [Full-Disclosure]MS should re-write code with security in mind"
- Next in thread: John LaCour: "RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Maybe reply: John LaCour: "RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Maybe reply: Todd Towles: "RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Maybe reply: Todd Towles: "RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Maybe reply: Matthew Farrenkopf: "RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Maybe reply: Matthew Farrenkopf: "RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Maybe reply: Todd Towles: "RE: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
