A local escalation of privileges issue in ZoneAlarm products does exist.

Started by Eric the Red, March 13, 2006, 08:14:13 PM

Eric the Red

Extract:

Quote: An attacker who succeeds placing a malicious DLL in a folder, which appears in the PATH before the ZoneAlarm folder, might run the malicious DLL under the SYSTEM local account privileges.
Any software program that runs with SYSTEM privileges and dynamically loads DLLs from the PATH could be subjected to a similar issue.

See this link from NISCC for full details.
"The time to start running is around about the "e" in "Hey, you!" "
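The condition in the quoted extract can be checked from the defender's side. The following is an added example, not part of the original thread or the NISCC advisory: it walks a PATH value and reports every folder that is searched before the service's folder and that an unprivileged user controls. The function names, the sample PATH, the `ExampleFirewall` folder and the `is_user_writable` predicate are assumptions made up for illustration.

```python
import ntpath  # Windows path rules, usable on any OS for offline analysis

def normalize(p):
    """Case-fold and strip quotes/trailing separators so PATH entries compare equal."""
    return ntpath.normcase(ntpath.normpath(p.strip().strip('"')))

def risky_path_entries(path_value, service_dir, is_user_writable):
    """List PATH entries searched before service_dir that an unprivileged user controls.

    is_user_writable is a caller-supplied predicate (hypothetical; on a real
    host it would be backed by an ACL check) taking a normalized directory.
    If service_dir is not in PATH at all, every entry is examined.
    """
    target = normalize(service_dir)
    findings = []
    for raw in path_value.split(";"):
        if not raw.strip().strip('"'):
            continue                      # empty entry from a stray ';'
        entry = normalize(raw)
        if entry == target:
            break                         # later entries come after the service folder
        if not ntpath.isabs(entry):
            findings.append((entry, "relative entry, resolves against the current directory"))
        elif is_user_writable(entry):
            findings.append((entry, "writable by unprivileged users"))
    return findings

# Constructed sample data, not taken from a real system.
SAMPLE_PATH = r'C:\Windows\system32;C:\Windows;;C:\Tools\bin\;.;"C:\Program Files\ExampleFirewall";C:\Late\Dir'
SAMPLE_WRITABLE = {normalize(r"C:\Tools\bin"), normalize(r"C:\Late\Dir")}

def audit_sample():
    return risky_path_entries(SAMPLE_PATH, r"c:\program files\examplefirewall",
                              SAMPLE_WRITABLE.__contains__)

if __name__ == "__main__":
    for entry, reason in audit_sample():
        print(f"{entry}: {reason}")
```

Any folder this reports should either be moved after the service's folder in PATH or have its write permissions restricted to administrators.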

mgee

I didn't really understand this - I'm a bit confused about how does a user become endangered?   :shock:

I'm especially concerned now because of the difficulties with the new Zone Alarm update 65_722_ 000. Does this troublesome update leave a user open to exploitation?

M.  :lol:
"...love builds up." (1 Corinthians 8:1)

Ripley

mgee  :)

Quote: I didn't really understand this - I'm a bit confused about how does a user become endangered?

I cannot fully explain how this ZA issue could have endangered a user, but I know there are others here that can answer that.

Quote: I'm especially concerned now because of the difficulties with the new Zone Alarm update 65_722_ 000. Does this troublesome update leave a user open to exploitation?

Not quite sure if you mean the ZA 65.722.00 is troublesome or the local escalation of privileges issue in ZA is troublesome.  :lol:

As I understand it there were issues reported by numerous users with ZA update 65.722.00 which to me seemed more compatibility issues with other software like MSN Messenger.

Check out this thread: http://www.landzdown.com/index.php?topic=8516.0

Because of those compatibility issues reported, I am still at ZoneAlarm version: 6.1.744.001

But it's my understanding that version: 6.1.744.001 fixed the local escalation of privileges security issue per the revision history outlined by ZA.
http://download.zonelabs.com/bin/free/information/znalm/zaReleaseHistory.html#6.1.744.001

So even though I am not sure how escalation of privileges can harm me... I have the impression that updating to ZA 6.1.744.001 covers me for that issue.

Here's the history from 6.1.744.000 to 6.5.722.00

New and improved features in ZoneAlarm version 6.5.722.000

Fixed - Removed McAfee installation gate
Fixed - LastWriteTime not being updated

New and improved features in ZoneAlarm version 6.5.714.000

Fixed - In some instances rundll32 takes ~90-99% CPU
Fixed - Service stability issue

New and improved features in ZoneAlarm version 6.5.700.000

Game mode: Right-mouse click control to stop alerts from interrupting game play.
Addresses inability to delete ZoneAlarm files in Safe Mode.
Addressed incompatibility with Red Orchestra Game.
Fixed a service stability issue.
Reduced memory usage during Anti-Spyware scan.
Improved Boot time.
Various other fixes.

New and improved features in ZoneAlarm version 6.1.744.001

Fixed - Local escalation of privileges issue (For more details please click here)

New and improved features in ZoneAlarm version 6.1.744.000

Fixed - Service stability issue
Fixed - Communicate with the centralized server issue
Fixed - Overlapped text in support and update information
Fixed - Various other bug fixes

mgee

Hi Ripley
Thanks for the reply - I still don't really know much, hehe, except to know that I think this is one of the times when I will just have to wait until I learn more about these sorts of things ;)

I will be sure to stick with the tried and true version of ZA until we're confident the new release is usable.

M.  :D
"...love builds up." (1 Corinthians 8:1)