Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Unsecure file permission of ZoneAlarm pro.

from [Bipin Gautam] Network Security [Permanent Link]
Subject: Unsecure file permission of ZoneAlarm pro.
Date: 20 Aug 2004 02:51:37 -0000 


Hello list,

Zone Alarm stores its config. files in %windir%\Internet Logs\* . But 
strangely, 

ZoneAlarm sets the folder/file permission (NTFS) of %windir%\Internet Logs\* to,

EVERYONE: Full 

after its first started.

Even If you try to change the permission to...

Administrator (s): full
system: full
users: read and execute
[these are the default permissions] 

Strangely, the permission again changes back to... EVERYONE: Full each time 

ZoneAlarm Pro (ZAP) is started. I've tested these in zap 4.x and 5.x

        This could prove harmful if we have a malicious program/user running 
with 

even with a user privilege on the system.

Well a malicious program could modify those config file in a way ZAP will stop 

functioning. This is what ZoneLabs had to say...

---snip-------

anyone could open any ZoneAlarm file 
(assuming it isn't locked), edit it with a hexeditor and 
cause it to stop functioning. This type of modification 
wouldn't be classified as an attack, as you have simply 
modified the file and caused it to not function as expected. 
This is true of any executable or other binary.


---/snip-------
yap, true... but shouldn?t ZAP have some protection against such attacks? 
instead 

of leaving the permission to " EVERYONE: Full " I wonder if a program could 
bypass 

ZAP filters using "safePrograms*.xml" [...experimenting]

anyone wanna take this thing to a new level, please go on...

Regards,

Bipin Gautam
http://www.geocities.com/visitbipin/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  XV multiple buffer overflows, exploit included, infamous41md
Next by Date:  What A Drag II XP SP2, http-equiv@excite.com
Previous by Thread:  XV multiple buffer overflows, exploit included, infamous41md
Next by Thread:  Re: Unsecure file permission of ZoneAlarm pro., Bipin Gautam
Indexes:  [Date] [Thread] [Top] [All Lists]