Full Disclosure mailing list archives

Re: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)


From: bipin gautam <visitbipin () yahoo com>
Date: Sun, 22 Aug 2004 12:09:06 -0700 (PDT)



> ZoneAlarm does not rely on file permissions to protect
> any configuration files. Configuration files are protected
> by our TrueVector(r) driver in the kernel.
>
> then ALL YOU NEED TO DO, is to change the folder permissions
> to EVERYONE: DENY, and NTFS will not EVER allow you to
> recover this folder. ZA will thus never operate properly on
> this machine again.

Not really, I've discovered an NTFS feature (BUG?).
Well... if you have system/administrative privileges
on a disk.... you can read/modify a file even though
it has "EVERYONE: DENY" permission set.

All you have to do is read the file through RAW disk
access... instead of going through the standard
procedure. 

This will let you read/modify the file even though it
has the permission "EVERYONE: DENY". For a quick demo,
use any file delete/recovery utility to read a file
that has EVERYONE: DENY permission set.

--------------
But this trick isn't limited to this... I've found
some interesting things.
--------------

EVEN THOUGH ZA has its 'SECURITY' feature enabled, all
an attacker has to do is,

E:\WINDOWS\Internet Logs\> attrib/s +h +s +r +a 

{{{ and compress the folder (optional) }}}

Next time, when ZAP or the PC restarts... its so-called
TrueVector(r) driver in the kernel will fail to load
at all. (cheese!)

Now, DOES ANYONE SEE A HOLE.....   (O;

bipin 
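The "raw disk access" the post relies on, as an added example that is not part of the original message and not Zone Labs code: it opens the volume device (\\.\C:) with administrative rights and reads the first MFT record straight off the disk. No path-based open ever happens, so per-file DACLs such as "EVERYONE: DENY" are never consulted; the only check is whether the caller may open the volume device at all. Assumptions: Windows PowerShell 5.1 or later running elevated, an NTFS volume with the classic sectors-per-cluster encoding, and the volume letter as a parameter. The example reads only; it does not write to the volume.

```powershell
# Added example (not from the original post, not Zone Labs code).
# Reads the NTFS boot sector and $MFT record 0 through the raw volume
# device. File-level ACLs are irrelevant on this path; only the right to
# open \\.\<Volume>: (Administrators) is checked by the kernel.
# Assumes Windows PowerShell 5.1+, elevated.

Add-Type -Namespace RawDisk -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
public static extern IntPtr CreateFileW(string lpFileName, uint dwDesiredAccess,
    uint dwShareMode, IntPtr lpSecurityAttributes, uint dwCreationDisposition,
    uint dwFlagsAndAttributes, IntPtr hTemplateFile);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool SetFilePointerEx(IntPtr hFile, long liDistanceToMove,
    out long lpNewFilePointer, uint dwMoveMethod);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool ReadFile(IntPtr hFile, byte[] lpBuffer, uint nNumberOfBytesToRead,
    out uint lpNumberOfBytesRead, IntPtr lpOverlapped);
[DllImport("kernel32.dll", SetLastError = true)]
public static extern bool CloseHandle(IntPtr hObject);
'@

function Read-RawBytes {
    # Raw volume reads must be sector-aligned in both offset and length.
    param([IntPtr]$Handle, [long]$Offset, [int]$Length)
    $newPos = 0L
    if (-not [RawDisk.Native]::SetFilePointerEx($Handle, $Offset, [ref]$newPos, 0)) {
        throw ("SetFilePointerEx failed, Win32 error {0}" -f [Runtime.InteropServices.Marshal]::GetLastWin32Error())
    }
    $buffer = New-Object byte[] $Length
    $read = [uint32]0
    if (-not [RawDisk.Native]::ReadFile($Handle, $buffer, [uint32]$Length, [ref]$read, [IntPtr]::Zero)) {
        throw ("ReadFile failed, Win32 error {0}" -f [Runtime.InteropServices.Marshal]::GetLastWin32Error())
    }
    return $buffer
}

function Get-NtfsMftRecord0 {
    param([string]$Volume = 'C')   # assumed default; pass the letter ZA's folder lives on
    $GENERIC_READ          = 0x80000000
    $FILE_SHARE_READ_WRITE = 0x3   # the volume stays mounted and in use by the system
    $OPEN_EXISTING         = 3
    $handle = [RawDisk.Native]::CreateFileW("\\.\${Volume}:", $GENERIC_READ, $FILE_SHARE_READ_WRITE,
        [IntPtr]::Zero, $OPEN_EXISTING, 0, [IntPtr]::Zero)
    if ($handle -eq [IntPtr](-1)) {
        throw ("CreateFileW on \\.\${Volume}: failed (elevation required), Win32 error {0}" -f
            [Runtime.InteropServices.Marshal]::GetLastWin32Error())
    }
    try {
        # NTFS boot sector layout: OEM ID at 3, bytes/sector at 0x0B, sectors/cluster
        # at 0x0D, $MFT start cluster at 0x30, file-record size code at 0x40.
        $boot = Read-RawBytes $handle 0 512
        $oem = [Text.Encoding]::ASCII.GetString($boot, 3, 8)
        if ($oem -ne 'NTFS    ') { throw "Not an NTFS volume (OEM ID '$oem')" }
        $bytesPerSector    = [BitConverter]::ToUInt16($boot, 0x0B)
        $sectorsPerCluster = [int]$boot[0x0D]   # classic encoding assumed (clusters up to 64 KB)
        $mftCluster        = [BitConverter]::ToUInt64($boot, 0x30)
        $sizeCode = [int]$boot[0x40]
        if ($sizeCode -gt 127) { $sizeCode -= 256 }   # signed byte: negative n means 2^|n| bytes
        $recordSize = if ($sizeCode -lt 0) { [int][math]::Pow(2, -$sizeCode) }
                      else { $sizeCode * $sectorsPerCluster * $bytesPerSector }
        $mftOffset = [long]$mftCluster * $sectorsPerCluster * $bytesPerSector

        # $MFT record 0 describes $MFT itself; a normal open of \$MFT is refused,
        # yet the raw device path hands it over without any ACL evaluation.
        $record = Read-RawBytes $handle $mftOffset $recordSize
        $signature = [Text.Encoding]::ASCII.GetString($record, 0, 4)   # "FILE" for a valid record
        [pscustomobject]@{
            Volume            = "${Volume}:"
            BytesPerSector    = $bytesPerSector
            SectorsPerCluster = $sectorsPerCluster
            MftByteOffset     = $mftOffset
            RecordSize        = $recordSize
            RecordSignature   = $signature
            RecordIsValid     = ($signature -eq 'FILE')
        }
    }
    finally {
        [void][RawDisk.Native]::CloseHandle($handle)
    }
}

Get-NtfsMftRecord0 -Volume 'C' | Format-List
```

Walking from record 0 to an arbitrary file's data runs is what recovery utilities do on top of this same handle; the point of the example is that the access decision is made once, on the volume device, and a file's own DACL (or a driver hooking path-based opens) never enters into it. Writing through the same handle is how "modify" happens, but modern Windows refuses raw writes to a mounted volume unless it is locked or dismounted first, so the modify half of the post's claim depends on the Windows version.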


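A check for the second trick, as an added example that is not part of the original message and not Zone Labs code: it audits the "Internet Logs" folder for exactly the indicators the post lists (Hidden/System/ReadOnly from "attrib /s +h +s +r +a", NTFS compression, and Deny ACEs for Everyone) and can undo them. Assumptions: Windows PowerShell 5.1 or later; the default path mirrors the post's "\WINDOWS\Internet Logs" on the system drive; compact.exe is used for decompression; the function name is invented here. Whether a running TrueVector driver permits the repair is not something the page establishes.

```powershell
# Added example (not from the original post, not Zone Labs code).
# Reports and optionally clears the tamper indicators the post describes.
# Assumes Windows PowerShell 5.1+; run elevated if the folder is locked down.

function Test-TamperedLogFolder {
    [CmdletBinding()]
    param(
        [string]$Path = (Join-Path $env:SystemRoot 'Internet Logs'),   # post's folder, assumed on %SystemRoot%
        [switch]$Repair
    )
    if (-not (Test-Path -LiteralPath $Path)) { throw "Folder not found: $Path" }

    $everyone  = New-Object Security.Principal.SecurityIdentifier 'S-1-1-0'
    $hideFlags = [int]([IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System -bor [IO.FileAttributes]::ReadOnly)
    $findings  = @()

    # -Force matters: Hidden and System items are skipped by default, which is
    # precisely why the attacker sets those attributes.
    $items = @(Get-Item -LiteralPath $Path -Force) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    foreach ($item in $items) {
        $attrs = $item.Attributes
        $indicators = @()
        foreach ($flag in 'Hidden', 'System', 'ReadOnly', 'Compressed') {
            if (($attrs -band [IO.FileAttributes]::$flag) -ne 0) { $indicators += $flag }
        }

        # A Deny for Everyone that covers READ_CONTROL also blocks reading the ACL
        # itself (owners excepted), so an unreadable ACL is reported as an indicator.
        $acl = $null
        $denyRules = @()
        try {
            $acl = Get-Acl -LiteralPath $item.FullName
            $denyRules = @($acl.Access | Where-Object {
                $_.AccessControlType -eq 'Deny' -and
                $_.IdentityReference.Translate([Security.Principal.SecurityIdentifier]) -eq $everyone
            })
            if ($denyRules.Count -gt 0) { $indicators += 'EveryoneDeny' }
        } catch {
            $indicators += 'AclUnreadable'
        }

        if ($indicators.Count -eq 0) { continue }
        $findings += [pscustomobject]@{ Path = $item.FullName; Indicators = ($indicators -join ',') }

        if ($Repair) {
            # Deny ACEs first: while they stand, the attribute writes below fail too.
            if ($acl -and $denyRules.Count -gt 0) {
                foreach ($rule in $denyRules) { [void]$acl.RemoveAccessRule($rule) }
                Set-Acl -LiteralPath $item.FullName -AclObject $acl
            }
            # Archive is harmless and left alone; clear only what hides or locks the item.
            $item.Attributes = [IO.FileAttributes]([int]$attrs -band (-bnot $hideFlags))
            if (($attrs -band [IO.FileAttributes]::Compressed) -ne 0) {
                if ($item.PSIsContainer) { & compact.exe /U /S:"$($item.FullName)" | Out-Null }
                else                     { & compact.exe /U "$($item.FullName)" | Out-Null }
            }
        }
    }
    return $findings
}

Test-TamperedLogFolder | Format-Table -AutoSize
```

Run it without -Repair first; an empty result means none of the post's indicators are present. The AclUnreadable case is the one to watch for on a folder carrying "EVERYONE: DENY", because a plain Get-ChildItem without -Force would show nothing at all there.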


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

