Open Source and information security mailing list archives
 
Message-ID: <20040822190906.77160.qmail@web20223.mail.yahoo.com>
From: visitbipin at yahoo.com (bipin gautam)
Subject: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)


>ZoneAlarm does not rely on file permissions to protect
>any configuration files.   Configuration files are protected
>by our TrueVector(r) driver in the kernel.

>then ALL YOU NEED TO DO,
>is to change the folder permissions to EVERYONE: DENY, and NTFS will
>not EVER allow you to recover this folder. ZA will thus never operate
>properly on this machine again.

Not really, I've discovered an NTFS feature (BUG?).
Well... If you have system/administrative privileges
in a disk.... you can read/modify a file even though
it has "EVERYONE: DENY" permission set.

All you have to do is read the file through RAW disk
access... instead of going through the standard
procedure.

This will let you read/modify the file even though it
has the permission "EVERYONE: DENY". For a quick demo,
use any file delete/recovery utility... to read a
file that has EVERYONE: DENY permission set.

--------------
But, this trick isn't limited to this... I've found
something interesting.
--------------

EVEN THOUGH ZA has its 'SECURITY' feature enabled, all
an attacker has to do is,

E:\WINDOWS\Internet Logs\> attrib/s +h +s +r +a 

{{{ and compress the folder (optional) }}}

Next time, when ZAP or PC restarts... its so-called
TrueVector(r) driver in the kernel will fail to load
at all. (cheese!)

Now, DOES ANYONE SEE A HOLE.....   (O;

bipin 
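
A defensive check for the condition described in the message above, as an added example that is not part of the original post: it lists entries under the log folder that carry the hidden, system, read-only and archive attributes together (or NTFS compression), and the ACL entries that let non-administrative principals change attributes there. The default path is the one quoted in the post; the script itself, its parameter name and the English account-name filter are assumptions.

```powershell
# Added example, not from the original post: audit the log folder for the
# attribute state the message describes and for who is allowed to set it.
param(
    # Path as written in the post; adjust to the local installation.
    [string]$Path = 'E:\WINDOWS\Internet Logs'
)

# The attrib command in the post sets these four attributes together.
$suspect    = [System.IO.FileAttributes]'Hidden, System, ReadOnly, Archive'
$compressed = [System.IO.FileAttributes]::Compressed

# -Force is required, otherwise hidden and system entries are skipped.
$items = @(Get-Item -LiteralPath $Path -Force) +
         @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

$flagged = $items | Where-Object {
    $_.Attributes.HasFlag($suspect) -or $_.Attributes.HasFlag($compressed)
} | Select-Object FullName, Attributes

# Rights that allow changing file attributes on the folder.
$attrRights = [System.Security.AccessControl.FileSystemRights]'WriteAttributes, WriteExtendedAttributes'

# Assumption: English built-in account names; localized systems need SIDs instead.
$trusted = 'Administrators|SYSTEM|TrustedInstaller'

# Note: ACEs expressed only as generic rights (inherit-only entries) are not
# expanded here and should be reviewed by hand.
$writers = (Get-Acl -LiteralPath $Path).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $attrRights) -ne 0 -and
    $_.IdentityReference.Value -notmatch $trusted
} | Select-Object IdentityReference, FileSystemRights, IsInherited

if ($flagged) {
    Write-Output 'Entries with Hidden+System+ReadOnly+Archive or Compressed set:'
    $flagged | Format-Table -AutoSize
} else {
    Write-Output 'No entries carry the flagged attribute combination.'
}

if ($writers) {
    Write-Output 'Non-administrative principals allowed to change attributes:'
    $writers | Format-Table -AutoSize
} else {
    Write-Output 'Only administrative principals may change attributes here.'
}
```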



		

