| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: farrenkm at ohsu.edu (Matthew Farrenkopf) Subject: Unsecure file permission of ZoneAlarm pro. Ron DuFresne <dufresne@...ternet.com> 8/20/2004 1:10:21 PM: > yet, if I read this properly it wasnpt simply and open e-mail attachment > issue was it, it was open attachment then make suggested changes to the > system issue wasn't it? If I understood the problem, then it really > requres more then a simple luser, it requires the most stupid of lusers > for it to take. and in that case, we're perhaps better off with them > DOS'ed? <smile> Okay, so I didn't make myself clear. Hmm. My contention was that, if permissions are Full for Everyone, then the virus could write changes on its own. Depending on how it works, it's conceivable these changes are not detected by the TrueVector(R) driver. By making changes, that could trip ZA's integrity checks (at some point; after rebooting, perhaps) and cause it to fail. By failing, the user can no longer connect to the Internet and may not understand why or know what to do about it. E-mail w/virus -> (L)user opens -> Runs attachment -> Attachment makes changes to key ZA files since permissions are wide open -> ZA fails integrity check -> denies Internet access. That is the full timeline I had in mind, and the nature of the DoS. Your suggestion reminds me of the "(insert name of group of people here) Virus" (I Googled it to the Kentucky Virus, but I'm sure it has other names), whereby the virus works on the honor system and the user should erase his/her own hard drive. :-) Matt
Powered by blists - more mailing lists