Message-ID: <41C72FC0.8060504@blackhat.dk>
From: xenzeo at blackhat.dk (Xenzeo)
Subject: FreezeX file access vulnerability

Affected Products:
	Faronics FreezeX v. 1.00.100.0666
	(http://www.faronics.com/html/Freezex.asp)

Author:
	Xenzeo


FreezeX is a program that promises it can prevent executable files from 
being run on Windows OS.


FreezeX has a database of every file from when it was installed (db.fzx). 
This file is located in C:\Program Files\Faronics\FreezeX\db.fzx. This 
file seems inaccessible: when trying to access this directory, Windows 
reports Access Denied from "dos" and Windows.

Though one with administrative access can simply overwrite this file
with misc data, resulting in killing FreezeX.


Proof Of Concept:

C:\> echo "diediedie" > "C:\Program Files\Faronics\FreezeX\db.fzx"

	Reboot Windows, and FreezeX can no longer determine what
	files have permission to be run, and needs to be reinstalled
	to work again.


Vendor status:
	Faronics knows of this and promises it will be fixed shortly.

-Xenzeo
