- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Check Point Zone Labs Multiple Products Privilege Escalation Vulnerability
------------------------------------------------------------------------
SUMMARY
<http://www.zonelabs.com/> Zone Alarm products provide security solutions
such as anti-virus, firewall, spy-ware, and ad-ware protection.
Local exploitation of an insecure permission vulnerability in multiple
Check Point Zone Labs products allows attackers to escalate privileges or
disable protection.
DETAILS
Vulnerable Systems:
* ZoneAlarm Security Suite version 5.5.062.004 and 6.5.737.
* It is strongly suspected that other versions of ZoneAlarm and other
Zone Labs products are affected
The vulnerability specifically exists in the default file Access Control
List (ACL) settings that are applied during installation. When an
administrator installs any of the Zone Labs ZoneAlarm tools, the default
ACL allows any user to modify the installed files. Some of the programs
run as system services. This allows a user to simply replace an installed
ZoneAlarm file with their own code that will later be executed with
system-level privileges.
Exploitation allows local attackers to escalate privileges to the system
level. It is also possible to use this vulnerability to simply disable
protection by moving all of the executable files so that they cannot start
on a reboot.
Workaround:
Apply proper Access Control List settings to the directory that ZoneAlarm
Security Suite is installed in. The ACL rules should make sure that no
regular users can modify files in the directory.
Vendor status:
Check Point Zone Labs has addressed this vulnerability in version 7.0.362
of their ZoneAlarm products. For more information, consult the Check Point
Zone Labs download page at the following URL.
<http://www.zonealarm.com/store/content/catalog/products/trial_zaFamily/trial_zaFamily.jsp> http://www.zonealarm.com/store/content/catalog/products/trial_zaFamily/trial_zaFamily.jsp
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2932>
CVE-2005-2932
Disclosure Timeline:
* 09/29/2005 - Initial vendor notification
* 09/29/2005 - Initial vendor response
* 10/19/2006 - Second vendor notification
* 08/20/2007 - Coordinated public disclosure
ADDITIONAL INFORMATION
The information has been provided by iDefense.
The original article can be found at:
<http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=584>
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=584
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
No comments:
Post a Comment