---------------------------------------------------------------------- BETA test the new Secunia Personal Software Inspector! The Secunia PSI detects installed software on your computer and categorises it as either Insecure, End-of-Life, or Up-To-Date. Effectively enabling you to focus your attention on software installations where more secure versions are available from the vendors. Download the free PSI BETA from the Secunia website: https://psi.secunia.com/ ---------------------------------------------------------------------- TITLE: ZoneAlarm Products Insecure Directory Permissions and IOCTL Handler Privilege Escalation SECUNIA ADVISORY ID: SA26513 VERIFY ADVISORY: http://secunia.com/advisories/26513/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: ZoneAlarm 6.x http://secunia.com/product/5806/ ZoneAlarm 7.x http://secunia.com/product/13889/ ZoneAlarm 5.x http://secunia.com/product/4647/ ZoneAlarm Pro 5.x http://secunia.com/product/4280/ ZoneAlarm Pro 6.x http://secunia.com/product/6071/ ZoneAlarm Security Suite 5.x http://secunia.com/product/4272/ ZoneAlarm 2.x http://secunia.com/product/3056/ ZoneAlarm 3.x http://secunia.com/product/153/ ZoneAlarm 4.x http://secunia.com/product/150/ ZoneAlarm Anti-Spyware 6.x http://secunia.com/product/6073/ ZoneAlarm Antivirus 5.x http://secunia.com/product/4271/ ZoneAlarm Antivirus 6.x http://secunia.com/product/6074/ ZoneAlarm Internet Security Suite 6.x http://secunia.com/product/6072/ ZoneAlarm Plus 3.x http://secunia.com/product/3057/ ZoneAlarm Plus 4.x http://secunia.com/product/151/ ZoneAlarm Pro 2.x http://secunia.com/product/152/ ZoneAlarm Pro 3.x http://secunia.com/product/1960/ ZoneAlarm Pro 4.x http://secunia.com/product/1961/ ZoneAlarm Wireless Security 5.x http://secunia.com/product/4648/ DESCRIPTION: Some vulnerabilities and a security issue have been reported in ZoneAlarm products, which can be exploited by malicious, local users to gain escalated privileges. 1) Insufficient address space verification within the 0x8400000F and 0x84000013 IOCTL handlers of vsdatant.sys and insecure permissions on the "\\.\vsdatant" device interface can be exploited to e.g. access the said IOCTL handlers and overwrite arbitrary memory and execute code with kernel privileges. These vulnerabilities are reported in Check Point Zone Labs Zone Alarm Free including vsdatant.sys version 6.5.737.0. Other versions may also be affected. 2) Insecure default Access Control List (ACL) settings when ZoneAlarm tools are installed can be exploited to gain escalated privileges by replacing certain files. The security issue is reported in ZoneAlarm Security Suite 5.5.062.004 and 6.5.737. Other versions may also be affected. SOLUTION: Update to version 7.0.362. http://www.zonealarm.com/store/content/catalog/download_buy.jsp?dc=12bms&ctry=US&lang=en PROVIDED AND/OR DISCOVERED BY: 1) Ruben Santamarta, reported via iDefense Labs. 2) Discovered by an anonymous person and reported via iDefense Labs. ORIGINAL ADVISORY: iDefense Labs: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=584 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=585 Reversemode: http://www.reversemode.com/index.php?option=com_remository&Itemid=2&func=fileinfo&id=53 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------