lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20040820025050.29732.qmail@web20224.mail.yahoo.com>
From: visitbipin at yahoo.com (bipin gautam)
Subject: Unsecure file permission of ZoneAlarm pro.

Hello list,

Zone Alarm stores its config. files in
%windir%\Internet Logs\* . But strangely, 

ZoneAlarm sets the folder/file permission (NTFS) of
%windir%\Internet Logs\* to,

EVERYONE: Full 

after its first started.

Even If you try to change the permission to...

Administrator (s): full
system: full
users: read and execute
[these are the default permissions] 

Strangely, the permission again changes back to...
EVERYONE: Full each time 

ZoneAlarm Pro (ZAP) is started. I've tested these in
zap 4.x and 5.x

	This could prove harmful if we have a malicious
program/user running with 

even with a user privilege on the system.

Well a malicious program could modify those config
file in a way ZAP will stop 

functioning. This is what ZoneLabs had to say...

---snip-------
>anyone could open any ZoneAlarm file 
> (assuming it isn't locked), edit it with a hexeditor
and 
> cause it to stop functioning. This type of
modification 
> wouldn't be classified as an attack, as you have
simply 
> modified the file and caused it to not function as
expected. 
> This is true of any executable or other binary.
> 
---/snip-------
yap, true... but shouldn’t ZAP have some protection
against such attacks? instead 

of leaving the permission to " EVERYONE: Full " I
wonder if a program could bypass 

ZAP filters using "safePrograms*.xml"
[...experimenting]

anyone wanna take this thing to a new level, please go
on...

Regards,

Bipin Gautam
http://www.geocities.com/visitbipin/




		
_______________________________
Do you Yahoo!?
Win 1 of 4,000 free domain names from Yahoo! Enter now.
http://promotions.yahoo.com/goldrush


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ