[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1367939215.20060308125256@haack-it.de>
Date: Wed, 8 Mar 2006 12:52:56 +0100
From: Matti Haack <m.haack@...ck-it.de>
To: bugtraq@...urityfocus.com
Subject: Re: AVG 7 granting Everyone Full Control to updated files... even its drivers
Grisoft issued a fix for the Problem, wich installs with the
latest Update:
--- AVG Anti-Virus Update ---
(03/08/2006)
********************************
** AVG Anti-Virus 7.1 **
********************************
--- information about Update ---
Update Summary:
* fix for the too relaxed permission after the update
* changes in scanning core, mainly new generic getection of some
polymorphic viruses and support for more run-time compression
algorithms
* ability to set up exclusions for the detection of potentially
unwanted programs
* in firewall, ability to define new global rules and to step back
firewall configuration
Update your AVG Anti-Virus 7.1 using one of the following methods:
- Use the Update feature in AVG Anti-Virus 7.1 to perform your
update - select "Internet", and AVG will prompt you with the
update files appropriate for your installation.
- Use the appropriate link from below to download the Update file
to your hard drive. Then access the Update feature
in AVG Anti-Virus 7.1 - select "Folder" and indicate the location
of the Update file which you have downloaded.
Update file for all Program versions (size 4094665 bytes):
http://www.grisoft.cz/softw/70/update/u7fwf3845z.bin
Update file for all Program versions (size 6974519 bytes):
http://www.grisoft.cz/softw/70/update/u7f3845z.bin
Update file for all Program versions (size 1378218 bytes):
http://www.grisoft.cz/softw/70/update/u7hlpf3795z.bin
Update file for all Program versions (size 2638096 bytes):
http://www.grisoft.cz/softw/70/update/u7lngextf3785z.bin
All available Update files, including previous versions,
may be found at the following link:
http://www.grisoft.com/update/index.php?lng=com
--
GRISOFT
> There is more here: http://www.dslreports.com/forum/remark,15601404
> Basically, a first time install of AVG 7 will have default
> permissions. \Program Files\Grisoft\AVG Free has inherited
> permissions from \Program Files. This is preferred, because lower
> privileged accounts can't damage it.
> Once any files are updated, the permissions are changed to
> "Everyone" with "Full Control" on the updated files, and will change
> the owner to whomever is logged in. Even limited users become
> owners. That does not stop at \Program Files\Grisoft\AVG Free, it
> will even do that to AVG's drivers in %windir%\system32\drivers.
-
Matti Haack - Hit Haack IT Service Gmbh
Poltlbauer Weg 4, D-94036 Passau
+49 851 50477-22 Fax: +49 851 50477-29
http://www.haack-it.de
Dieses Dokument ist ausschliesslich fuer den Adressaten bestimmt.
Jegliche Art von Reproduktion, Verbreitung, Vervielfaeltigung, Modifikation,
Verteilung und/oder Publikation dieser E-Mail-Nachricht ist untersagt,
soweit dies nicht ausdruecklich genehmigt wurde. Jegliche Haftung fur
Ansprueche, die aufgrund der Kommunikation per E-Mail begruendet
werden koennten, ist ausgeschlossen, soweit der Haftungsausschluss
gesetzlich zulaessig ist.
-- Ausgehende E-Mail wurde auf Viren gescannt --
Powered by blists - more mailing lists