Full Disclosure mailing list archives
RE: Unsecure file permission of ZoneAlarm pro.
From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 20 Aug 2004 11:15:58 -0500
Sorry John, I was confused between "Failing Closed" and "Failing Open". If integrity checks fail, no traffic is passed. That is better than Microsoft's simple reg disable hack. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of John LaCour Sent: Friday, August 20, 2004 5:40 AM To: bipin gautam; full-disclosure () lists netsys com Cc: Zone Labs Security Team Subject: RE: [Full-disclosure] Unsecure file permission of ZoneAlarm pro. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 There is absolutely no security issue here. ZoneAlarm does not rely on file permissions to protect any configuration files. Configuration files are protected by our TrueVector(r) driver in the kernel. In addition to protecting configuration files against unauthorized changes, there are additional integrity checks and other protection mechanisms implemented for all policy configuration files. Should any policy configuration files fail integrity checks, the firewall will fail closed. Again, no issue. - -- John LaCour Security Services Group Manager Zone Labs LLC, A Check Point Company
From: bipin gautam [mailto:visitbipin () yahoo com] Sent: Thursday, August 19, 2004 7:51 PM To: full-disclosure () lists netsys com Subject: [Full-disclosure] Unsecure file permission of ZoneAlarm pro. Hello list, Zone Alarm stores its config. files in %windir%\Internet Logs\* . But strangely, ZoneAlarm sets the folder/file permission (NTFS) of %windir%\Internet Logs\* to, EVERYONE: Full after its first started. Even If you try to change the permission to... Administrator (s): full system: full users: read and execute [these are the default permissions] Strangely, the permission again changes back to... EVERYONE: Full each time ZoneAlarm Pro (ZAP) is started. I've tested these in zap 4.x and 5.x This could prove harmful if we have a malicious program/user
running
with even with a user privilege on the system. Well a malicious program could modify those config file in a way ZAP will stop
[snip]
Bipin Gautam
-----BEGIN PGP SIGNATURE----- Version: PGP 8.0.2 iQA/AwUBQSXVCqeZbSyAsADEEQK9fgCeLLipKBn3Z7+PYj1E6GXkT0lubIgAnjCY ssK9UOJxQn98yj/5x+tWiPzw =OdxT -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load), (continued)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Chris Smith (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) James Greenhalgh (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Barrie Dempster (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) Barrie Dempster (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 23)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)
- Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load) bipin gautam (Aug 22)
- Re: Unsecure file permission of ZoneAlarm pro. Barry Fitzgerald (Aug 20)
- RE: Unsecure file permission of ZoneAlarm pro. Ron DuFresne (Aug 20)