Secunia Security Advisory - Some vulnerabilities have been reported in ZomeAlarm products, which can be exploited by malicious, local users to gain escalated privileges.
f14b4fe7b83c41da402240ceb4827c6975ee0321867f6408afc9bd6622b767c2
----------------------------------------------------------------------
Secunia customers receive relevant and filtered advisories.
Delivery is done via different channels including SMS, Email, Web,
and https based XML feed.
http://corporate.secunia.com/trial/38/request/
----------------------------------------------------------------------
TITLE:
ZoneAlarm Products SRESCAN.SYS IOCTL Handler Privilege Escalation
SECUNIA ADVISORY ID:
SA24986
VERIFY ADVISORY:
http://secunia.com/advisories/24986/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
SOFTWARE:
ZoneAlarm 4.x
http://secunia.com/product/150/
ZoneAlarm 3.x
http://secunia.com/product/153/
ZoneAlarm 2.x
http://secunia.com/product/3056/
ZoneAlarm 5.x
http://secunia.com/product/4647/
ZoneAlarm 6.x
http://secunia.com/product/5806/
ZoneAlarm 7.x
http://secunia.com/product/13889/
ZoneAlarm Anti-Spyware 6.x
http://secunia.com/product/6073/
ZoneAlarm Antivirus 5.x
http://secunia.com/product/4271/
ZoneAlarm Antivirus 6.x
http://secunia.com/product/6074/
ZoneAlarm Internet Security Suite 6.x
http://secunia.com/product/6072/
ZoneAlarm Plus 3.x
http://secunia.com/product/3057/
ZoneAlarm Plus 4.x
http://secunia.com/product/151/
ZoneAlarm Pro 2.x
http://secunia.com/product/152/
ZoneAlarm Pro 3.x
http://secunia.com/product/1960/
ZoneAlarm Pro 4.x
http://secunia.com/product/1961/
ZoneAlarm Pro 5.x
http://secunia.com/product/4280/
ZoneAlarm Pro 6.x
http://secunia.com/product/6071/
ZoneAlarm Security Suite 5.x
http://secunia.com/product/4272/
ZoneAlarm Wireless Security 5.x
http://secunia.com/product/4648/
DESCRIPTION:
Some vulnerabilities have been reported in ZomeAlarm products, which
can be exploited by malicious, local users to gain escalated
privileges.
Insufficient address space verification within the 0x22208F and
0x0x2220CF IOCTL handlers of SRESCAN.SYS and insecure permissions on
the \\.\SreScan DOS device interface can be exploited to e.g. access
the said IOCTL handlers and overwrite arbitrary memory and execute
code with kernel privileges.
The vulnerabilities are reported in SRESCAN.SYS version 5.0.63.0
included in the free version of ZoneAlarm. Other versions may also be
affected.
SOLUTION:
Update to version 5.0.156.0 or higher of the ZoneAlarm Spyware
Removal Engine (current deployed version is 5.0.162.0).
http://www.zonealarm.com/store/content/catalog/download_buy.jsp?dc=12bms&ctry=US&lang=en
PROVIDED AND/OR DISCOVERED BY:
Discovered by Ruben Santamarta and reported via iDefense Labs.
ORIGINAL ADVISORY:
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=517
Reversemode:
http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=48
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------