BugTraq
Back to list
|
Post reply
Unsecure file permission of ZoneAlarm pro.
Aug 20 2004 02:51AM
Bipin Gautam (visitbipin hotmail com)
Hello list,
Zone Alarm stores its config. files in %windir%\Internet Logs\* . But strangely,
ZoneAlarm sets the folder/file permission (NTFS) of %windir%\Internet Logs\* to,
EVERYONE: Full
after its first started.
Even If you try to change the permission to...
Administrator (s): full
system: full
users: read and execute
[these are the default permissions]
Strangely, the permission again changes back to... EVERYONE: Full each time
ZoneAlarm Pro (ZAP) is started. I've tested these in zap 4.x and 5.x
This could prove harmful if we have a malicious program/user running with
even with a user privilege on the system.
Well a malicious program could modify those config file in a way ZAP will stop
functioning. This is what ZoneLabs had to say...
---snip-------
>anyone could open any ZoneAlarm file
> (assuming it isn't locked), edit it with a hexeditor and
> cause it to stop functioning. This type of modification
> wouldn't be classified as an attack, as you have simply
> modified the file and caused it to not function as expected.
> This is true of any executable or other binary.
>
---/snip-------
yap, true... but shouldn?t ZAP have some protection against such attacks? instead
of leaving the permission to " EVERYONE: Full " I wonder if a program could bypass
ZAP filters using "safePrograms*.xml" [...experimenting]
anyone wanna take this thing to a new level, please go on...
Regards,
Bipin Gautam
http://www.geocities.com/visitbipin/
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Hello list,
Zone Alarm stores its config. files in %windir%\Internet Logs\* . But strangely,
ZoneAlarm sets the folder/file permission (NTFS) of %windir%\Internet Logs\* to,
EVERYONE: Full
after its first started.
Even If you try to change the permission to...
Administrator (s): full
system: full
users: read and execute
[these are the default permissions]
Strangely, the permission again changes back to... EVERYONE: Full each time
ZoneAlarm Pro (ZAP) is started. I've tested these in zap 4.x and 5.x
This could prove harmful if we have a malicious program/user running with
even with a user privilege on the system.
Well a malicious program could modify those config file in a way ZAP will stop
functioning. This is what ZoneLabs had to say...
---snip-------
>anyone could open any ZoneAlarm file
> (assuming it isn't locked), edit it with a hexeditor and
> cause it to stop functioning. This type of modification
> wouldn't be classified as an attack, as you have simply
> modified the file and caused it to not function as expected.
> This is true of any executable or other binary.
>
---/snip-------
yap, true... but shouldn?t ZAP have some protection against such attacks? instead
of leaving the permission to " EVERYONE: Full " I wonder if a program could bypass
ZAP filters using "safePrograms*.xml" [...experimenting]
anyone wanna take this thing to a new level, please go on...
Regards,
Bipin Gautam
http://www.geocities.com/visitbipin/
[ reply ]