Open Source and information security mailing list archives
 
Message-ID: <s1260cbe.058@gwsmtp.ohsu.edu>
From: farrenkm at ohsu.edu (Matthew Farrenkopf)
Subject: Unsecure file permission of ZoneAlarm pro.

Ron DuFresne <dufresne@...ternet.com> 8/20/2004 1:10:21 PM:
> yet, if I read this properly it wasn't simply an open e-mail attachment
> issue was it, it was open attachment then make suggested changes to the
> system issue wasn't it?  If I understood the problem, then it really
> requires more than a simple luser, it requires the most stupid of lusers
> for it to take.  and in that case, we're perhaps better off with them
> DOS'ed? <smile>

Okay, so I didn't make myself clear.  Hmm.

My contention was that, if permissions are Full for Everyone, then the
virus could write changes on its own.  Depending on how it works, it's
conceivable these changes are not detected by the TrueVector(R) driver. 
By making changes, that could trip ZA's integrity checks (at some point;
after rebooting, perhaps) and cause it to fail.  By failing, the user
can no longer connect to the Internet and may not understand why or know
what to do about it.

E-mail w/virus -> (L)user opens -> Runs attachment -> Attachment makes
changes to key ZA files since permissions are wide open -> ZA fails
integrity check -> denies Internet access.

That is the full timeline I had in mind, and the nature of the DoS.

Your suggestion reminds me of the "(insert name of group of people
here) Virus" (I Googled it to the Kentucky Virus, but I'm sure it has
other names), whereby the virus works on the honor system and the user
should erase his/her own hard drive. :-)

Matt
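
A defender's check for the precondition described in this message (files that broad groups such as Everyone can write to), as an added example that is not part of the original post. The function name and the directory path are assumptions; the page does not give ZoneAlarm's file locations, so the path is a placeholder.

```powershell
# Added example: list Allow ACEs that give broad groups write-type access.
# Well-known SIDs are used instead of names so the check is locale-independent.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that let a process alter, replace or re-permission a file.
$WriteMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
# Some ACEs carry raw generic bits instead: GENERIC_WRITE | GENERIC_ALL.
$GenericWrite = 0x50000000

function Get-WeakFileAce {
    param([Parameter(Mandatory)][string]$Path)

    # Check the directory itself as well as everything beneath it.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { continue }   # unreadable ACL: skip rather than abort the audit

        # Explicit and inherited rules, with identities returned as SIDs.
        $rules = $acl.GetAccessRules($true, $true,
                     [System.Security.Principal.SecurityIdentifier])

        foreach ($rule in $rules) {
            $sid      = $rule.IdentityReference.Value
            $writable = ($rule.FileSystemRights -band $WriteMask) -or
                        ([int]$rule.FileSystemRights -band $GenericWrite)

            if ($rule.AccessControlType -eq 'Allow' -and
                $BroadSids.ContainsKey($sid) -and $writable) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Principal = $BroadSids[$sid]
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

# Placeholder path: substitute the real install or data directory.
# Get-WeakFileAce -Path 'C:\Path\To\FirewallDirectory' | Format-Table -AutoSize
```

Entries with `Inherited = True` point to a parent directory whose ACL needs tightening, not the file itself.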


