Unsecure file permission of ZoneAlarm pro.

From: Bipin Gautam (visitbipin_at_hotmail.com)
Date: 08/20/04

    Date: 20 Aug 2004 02:51:37 -0000
    To: bugtraq@securityfocus.com
    
    

    Hello list,

    Zone Alarm stores its config. files in %windir%\Internet Logs\* . But strangely, ZoneAlarm sets the folder/file permission (NTFS) of %windir%\Internet Logs\* to,

    EVERYONE: Full

    after it's first started.

    Even if you try to change the permission to...

    Administrator (s): full
    system: full
    users: read and execute
    [these are the default permissions]

    Strangely, the permission again changes back to... EVERYONE: Full each time ZoneAlarm Pro (ZAP) is started. I've tested these in ZAP 4.x and 5.x.

    This could prove harmful if we have a malicious program/user running even with a user privilege on the system.

    Well, a malicious program could modify those config files in a way that ZAP will stop functioning. This is what ZoneLabs had to say...

    ---snip-------
    >anyone could open any ZoneAlarm file
    > (assuming it isn't locked), edit it with a hexeditor and
    > cause it to stop functioning. This type of modification
    > wouldn't be classified as an attack, as you have simply
    > modified the file and caused it to not function as expected.
    > This is true of any executable or other binary.
    >
    ---/snip-------
    yap, true... but shouldn't ZAP have some protection against such attacks? instead of leaving the permission to "EVERYONE: Full" I wonder if a program could bypass ZAP filters using "safePrograms*.xml" [...experimenting]

    anyone wanna take this thing to a new level, please go on...

    Regards,

    Bipin Gautam
    http://www.geocities.com/visitbipin/
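
As an added example (not part of the original post, and not ZoneAlarm or Zone Labs code), the following PowerShell audits the directory named in the post for allow-ACEs that give the Everyone group (well-known SID S-1-1-0) write-capable rights. The function name `Find-EveryoneWriteAce` and its output fields are assumptions made for this example.

```powershell
# Added example: report files and folders under the ZoneAlarm config directory
# where Everyone (S-1-1-0) is allowed to modify content, delete, or change the ACL.
# Find-EveryoneWriteAce is a hypothetical helper name, not a built-in cmdlet.
function Find-EveryoneWriteAce {
    param(
        # Default is the location given in the post.
        [string]$Path = (Join-Path $env:windir 'Internet Logs')
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Path not found: $Path"
        return
    }

    # Specific rights that permit tampering with a file or its permissions.
    $writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    # Inherit-only ACEs can carry raw generic bits: GENERIC_ALL and GENERIC_WRITE.
    $genericMask = 0x10000000 -bor 0x40000000
    $mask = $writeMask -bor $genericMask

    # Check the directory itself and everything beneath it.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force)

    foreach ($item in $items) {
        $acl = Get-Acl -LiteralPath $item.FullName
        # Ask for SIDs rather than names so the check works on localized systems.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $bits = [int]$rule.FileSystemRights
            if ($rule.AccessControlType -eq 'Allow' -and
                $rule.IdentityReference.Value -eq 'S-1-1-0' -and
                ($bits -band $mask) -ne 0) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

Find-EveryoneWriteAce | Format-Table -AutoSize
```

Because the post reports that the ACL is reset each time ZoneAlarm Pro starts, run the check after the product has started rather than only after tightening the permissions by hand.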

