| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 20 Aug 2004 02:51:37 -0000 From: Bipin Gautam <visitbipin@...mail.com> To: bugtraq@...urityfocus.com Subject: Unsecure file permission of ZoneAlarm pro. Hello list, Zone Alarm stores its config. files in %windir%\Internet Logs\* . But strangely, ZoneAlarm sets the folder/file permission (NTFS) of %windir%\Internet Logs\* to, EVERYONE: Full after its first started. Even If you try to change the permission to... Administrator (s): full system: full users: read and execute [these are the default permissions] Strangely, the permission again changes back to... EVERYONE: Full each time ZoneAlarm Pro (ZAP) is started. I've tested these in zap 4.x and 5.x This could prove harmful if we have a malicious program/user running with even with a user privilege on the system. Well a malicious program could modify those config file in a way ZAP will stop functioning. This is what ZoneLabs had to say... ---snip------- >anyone could open any ZoneAlarm file > (assuming it isn't locked), edit it with a hexeditor and > cause it to stop functioning. This type of modification > wouldn't be classified as an attack, as you have simply > modified the file and caused it to not function as expected. > This is true of any executable or other binary. > ---/snip------- yap, true... but shouldn’t ZAP have some protection against such attacks? instead of leaving the permission to " EVERYONE: Full " I wonder if a program could bypass ZAP filters using "safePrograms*.xml" [...experimenting] anyone wanna take this thing to a new level, please go on... Regards, Bipin Gautam http://www.geocities.com/visitbipin/
Powered by blists - more mailing lists