Bugtraq mailing list archives

bugs in Panda Security 3.0

From: izan () TELELINE ES (|Zan)
Date: Mon, 17 Apr 2000 19:12:18 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                       DeepZone Security Advisory

        Advisory Name: Panda Security 3.0
    Advisory Released: [00/04/17]
          Application: Panda Security 3.0
                       (build 3.0.0.71/96) on Win9x
             Severity: local logged user can get
                       Administrator privileges.
                       Product can be uninstalled.
               Status: Vendor contacted. Fix provided
                       by the vendor.
              Authors: izan () galaxycorp com
                       thewizard () pagina de
                  WWW: http://deepzone.cjb.net

OVERVIEW
Panda Security 3.0's all builds ('<3.0.2.0') present several
important vulnerabilities. Any local logged user can override
his/her privileges. Any local logged user can become
Administrator in a system running Panda Security 3.0.

BACKGROUND
Ideas, exploits & rootkit were tested against Panda Security's
spanish versions (builds 3.0.0.71/96).

DETAILS
Panda Security 3.0 is vulnerable to indirect key merging. Critical
keys protecting this product can be override easily. A programming
error doesn't protect these keys in registry so any local logged
user can introduce new values overriding original values.

Other bug found in Panda Security will let uninstall this product
without any problem. Panda Security doesn't check wininit.exe
activity so any software (including Panda Security) can be
uninstalled by any generic uninstaller.

Full details, exploits and a patch to keep PS's full control can
be found in ...

     http://deepzone.cjb.net

FIXES/PATCHES
Panda Software was contacted two weeks ago. Patches and a new
release (3.0.2.0) will be available soon fixing these bugs in ...

 http://www.pandasoftware.es       (spanish version)
 http://www.pandasoftware.com      (international version)

Official releases list provided directly by Panda Software is ...

 3.0.0.77     Simo 99                    => Vulnerable
 3.0.0.90     Multimedia Ediciones       => Vulnerable
 3.0.0.96     January 2000               => Vulnerable
 3.0.0.97                                => Vulnerable
 3.0.0.100                               => Vulnerable

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use
<http://www.pgpinternational.com>

iQA/AwUBOPsOX35dnZe79rC4EQL3pACg37UjzpXuqssagp1X38pirPpyNnsAoOCL
hYUJn8YjUT5nrVsmDdzPd1RP
=Kpcr
-----END PGP SIGNATURE-----

--
|Zan   /  DeepZone (tm) - Digital Security Center
http://www.deepzone.org - http://mareasvivas.cjb.net

PGP key fingerprint:
AD 97 A6 AB DC BB D2 CF 89 AE  0A 88 7E 5D 9D 97 BB F6 B0 B8

--=[ ... toda la vida buscando respuestas ... y cuando por fin
               las encuentras ... cambian las preguntas ]=--
Current thread:

(no subject) eAX [Teelicht] (Apr 15)
- Re: KEN! security hole (was: -no subject-) Thorsten Claus (Apr 17)
- bugs in Panda Security 3.0 |Zan (Apr 17)