In association with heise online

21 August 2007, 10:37

Privilege escalation in ZoneAlarm

Security service provider iDefense has reported vulnerabilities in multiple versions of ZoneAlarm security products from CheckPoint. Local users can exploit the vulnerabilities to elevate their system privileges and ultimately take complete control of the system.

One vulnerability affects ZoneAlarm 5.5 and 6.5. During installation, the software sets the access privileges of the files in the program directory in such a manner that they can be changed by anyone. Users with restricted privileges can thereby, for example, replace one of the software services with their own programme and execute it in kernel mode.

The second vulnerability affects the ZoneAlarm 6.5 TrueVector engine firewall driver vsdatant.sys. The driver does not correctly verify user-supplied data in the I/O Request Packets (IRPs) sent to its Input/Output Controls (IOCTLs), which allows local attackers to overwrite arbitrary memory areas.

According to iDefense, with Version 7.0.362 CheckPoint eliminated the vulnerabilities in all products. The current version is, however, ZoneAlarm 7.1, which runs under Vista. Users of older ZoneAlarm versions should consider updating to Version 7.1, since attackers on the system can exploit the vulnerabilities to completely compromise the computer.
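The first flaw, program files that any user can modify, can be checked for on any Windows host. The PowerShell audit below is an added example, not code from iDefense, CheckPoint or the original article; it goes beyond ZoneAlarm and inspects every registered service and driver image together with its directory. The function name `Get-WeakAce` and the selection of SIDs and rights are assumptions of this example.

```powershell
# Added example: flag service and driver binaries, and their directories,
# that low-privileged principals are allowed to modify.

# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users, INTERACTIVE.
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545', 'S-1-5-4'

# Rights that allow replacing or altering a file or rewriting its ACL, plus the
# raw GENERIC_ALL (0x10000000) and GENERIC_WRITE (0x40000000) bits some ACEs carry.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x50000000

function Get-WeakAce {
    param([Parameter(Mandatory)][string]$Path)
    $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
    if (-not $acl) { return }   # ACL not readable with the current token
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        $grantsWrite = ([int]$ace.FileSystemRights -band $WriteMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $grantsWrite -and
            $BroadSids -contains $ace.IdentityReference.Value) {
            [pscustomobject]@{
                Path   = $Path
                Sid    = $ace.IdentityReference.Value
                Rights = $ace.FileSystemRights
            }
        }
    }
}

$entries = @(Get-CimInstance Win32_Service) + @(Get-CimInstance Win32_SystemDriver)

$findings = foreach ($entry in $entries) {
    # PathName may be quoted, prefixed with \??\ and followed by arguments;
    # keep only the image path itself.
    if ($entry.PathName -notmatch '^\s*"?(?:\\\?\?\\)?([^"]+?\.(?:exe|sys))') { continue }
    $image = $Matches[1]
    if (-not (Test-Path -LiteralPath $image)) { continue }
    foreach ($target in $image, (Split-Path -Parent $image)) {
        Get-WeakAce -Path $target |
            Add-Member -NotePropertyName Service -NotePropertyValue $entry.Name -PassThru
    }
}

# One row per writable path and principal.
$findings | Sort-Object Path, Sid -Unique | Format-Table -AutoSize
```

Run it from an elevated prompt so that every ACL can be read. Inherit-only entries on a directory are reported as well, because they apply to files created inside it.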
