lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <1367939215.20060308125256@haack-it.de>
Date: Wed, 8 Mar 2006 12:52:56 +0100
From: Matti Haack <m.haack@...ck-it.de>
To: bugtraq@...urityfocus.com
Subject: Re: AVG 7 granting Everyone Full Control to updated files... even its drivers


Grisoft   issued   a   fix   for   the Problem, wich installs with the
latest Update:

--- AVG Anti-Virus Update ---
(03/08/2006)

********************************
**     AVG Anti-Virus 7.1     **
********************************

--- information about Update ---

Update Summary:

* fix for the too relaxed permission after the update
* changes in scanning core, mainly new generic getection of some 
  polymorphic viruses and support for more run-time compression 
  algorithms
* ability to set up exclusions for the detection of potentially 
  unwanted programs
* in firewall, ability to define new global rules and to step back 
  firewall configuration


Update your AVG Anti-Virus 7.1 using one of the following methods:

 - Use the Update feature in AVG Anti-Virus 7.1 to perform your 
   update - select "Internet", and AVG will prompt you with the 
   update files appropriate for your installation.

 - Use the appropriate link from below to download the Update file 
   to your hard drive. Then access the Update feature 
   in AVG Anti-Virus 7.1 - select "Folder" and indicate the location 
   of the Update file which you have downloaded. 

Update file for all Program versions (size 4094665 bytes):
  http://www.grisoft.cz/softw/70/update/u7fwf3845z.bin

Update file for all Program versions (size 6974519 bytes):
  http://www.grisoft.cz/softw/70/update/u7f3845z.bin

Update file for all Program versions (size 1378218 bytes):
  http://www.grisoft.cz/softw/70/update/u7hlpf3795z.bin

Update file for all Program versions (size 2638096 bytes):
  http://www.grisoft.cz/softw/70/update/u7lngextf3785z.bin



All available Update files, including previous versions, 
may be found at the following link:
  http://www.grisoft.com/update/index.php?lng=com

-- 
GRISOFT

> There is more here: http://www.dslreports.com/forum/remark,15601404

> Basically, a first time install of AVG 7 will have default
> permissions. \Program Files\Grisoft\AVG Free has inherited
> permissions from \Program Files. This is preferred, because lower
> privileged accounts can't damage it.

> Once any files are updated, the permissions are changed to
> "Everyone" with "Full Control" on the updated files, and will change
> the owner to whomever is logged in. Even limited users become
> owners. That does not stop at \Program Files\Grisoft\AVG Free, it
> will even do that to AVG's drivers in %windir%\system32\drivers.


- 
Matti Haack - Hit Haack IT Service Gmbh
Poltlbauer Weg 4, D-94036 Passau
+49 851 50477-22 Fax: +49 851 50477-29
http://www.haack-it.de



Dieses Dokument ist ausschliesslich fuer den Adressaten bestimmt.
Jegliche Art von Reproduktion, Verbreitung, Vervielfaeltigung, Modifikation, 
Verteilung und/oder Publikation dieser E-Mail-Nachricht ist untersagt, 
soweit dies nicht  ausdruecklich genehmigt wurde. Jegliche Haftung fur 
Ansprueche,  die aufgrund der Kommunikation per E-Mail begruendet 
werden koennten, ist ausgeschlossen, soweit der Haftungsausschluss 
gesetzlich zulaessig ist.  

-- Ausgehende E-Mail wurde auf Viren gescannt  --


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ