----------------------------------------------------------------------

BETA test the new Secunia Personal Software Inspector!

The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.

Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/

----------------------------------------------------------------------

TITLE:
ZoneAlarm Products Insecure Directory Permissions and IOCTL Handler
Privilege Escalation

SECUNIA ADVISORY ID:
SA26513

VERIFY ADVISORY:
http://secunia.com/advisories/26513/

CRITICAL:
Less critical

IMPACT:
Privilege escalation

WHERE:
Local system

SOFTWARE:
ZoneAlarm 6.x
http://secunia.com/product/5806/
ZoneAlarm 7.x
http://secunia.com/product/13889/
ZoneAlarm 5.x
http://secunia.com/product/4647/
ZoneAlarm Pro 5.x
http://secunia.com/product/4280/
ZoneAlarm Pro 6.x
http://secunia.com/product/6071/
ZoneAlarm Security Suite 5.x
http://secunia.com/product/4272/
ZoneAlarm 2.x
http://secunia.com/product/3056/
ZoneAlarm 3.x
http://secunia.com/product/153/
ZoneAlarm 4.x
http://secunia.com/product/150/
ZoneAlarm Anti-Spyware 6.x
http://secunia.com/product/6073/
ZoneAlarm Antivirus 5.x
http://secunia.com/product/4271/
ZoneAlarm Antivirus 6.x
http://secunia.com/product/6074/
ZoneAlarm Internet Security Suite 6.x
http://secunia.com/product/6072/
ZoneAlarm Plus 3.x
http://secunia.com/product/3057/
ZoneAlarm Plus 4.x
http://secunia.com/product/151/
ZoneAlarm Pro 2.x
http://secunia.com/product/152/
ZoneAlarm Pro 3.x
http://secunia.com/product/1960/
ZoneAlarm Pro 4.x
http://secunia.com/product/1961/
ZoneAlarm Wireless Security 5.x
http://secunia.com/product/4648/

DESCRIPTION:
Some vulnerabilities and a security issue have been reported in
ZoneAlarm products, which can be exploited by malicious, local users
to gain escalated privileges.

1) Insufficient address space verification within the 0x8400000F and
0x84000013 IOCTL handlers of vsdatant.sys and insecure permissions on
the "\\.\vsdatant" device interface can be exploited to e.g. access
the said IOCTL handlers and overwrite arbitrary memory and execute
code with kernel privileges.

These vulnerabilities are reported in Check Point Zone Labs Zone
Alarm Free including vsdatant.sys version 6.5.737.0. Other versions
may also be affected.

2) Insecure default Access Control List (ACL) settings when ZoneAlarm
tools are installed can be exploited to gain escalated privileges by
replacing certain files.

The security issue is reported in ZoneAlarm Security Suite
5.5.062.004 and 6.5.737. Other versions may also be affected.

SOLUTION:
Update to version 7.0.362.
http://www.zonealarm.com/store/content/catalog/download_buy.jsp?dc=12bms&ctry=US&lang=en

PROVIDED AND/OR DISCOVERED BY:
1) Ruben Santamarta, reported via iDefense Labs.
2) Discovered by an anonymous person and reported via iDefense Labs.

ORIGINAL ADVISORY:
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=584
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=585

Reversemode:
http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=53

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------