[<prev] [next>] [day] [month] [year] [list]
Message-ID: <12E557CB77632E4B8ECFD605C518C12B3DA20B@dm-mail.dm.local>
From: cmacfarlane at Drummond-Miller.co.uk (Cassidy Macfarlane)
Subject: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)-WASTE OF TIME
ffs
Open a cmd, type 'format c: /y'
Omg, phone billy g, it's a massive DoS/vuln.
Get a grip bipin. If a malicious user has command line access to your
system, 'zonealarm' is the last thing you should be worrying about.
-----Original Message-----
From: bipin gautam [mailto:visitbipin@...oo.com]
Sent: 23 August 2004 15:34
To: barrie@...oot-robot.net
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm
pro. (ZA will fail to load)
--- Barrie Dempster <barrie@...oot-robot.net> wrote:
> In reply to my own previous email, I assumed ZA
> would fail, as others
> have on this list, with an EVERYONE:DENY security
> policy, however this
> isn't the case.
> ZA 5.1 PRO Trial version will change this to
> EVERYONE:FULL for the
> duration of the program after which it will then
> change these settings
> back to the original EVERYONE:DENY. This throws out
> the DoS theory, but
> the permissions are still extremely permissive, if
> the "truevector
> driver" was to have issues with it's integrity
> checks then the files in
> this folder would be easily compromised.
not really, just simply, go to internet log directory
and , do
..\..\Internet Logs\>attrib/s +h +s +r +a *.*
next time Zap'S "truevector driver" will fail to load.
when the pc reboots or zap restarts...
bipin
ps: thanks for the 'Rant's-&-Raves' regarding NTFS (O;
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists