ZoneAlarm News..

Some interesting news for ZoneAlarm users...


Reply to
Kerodo

| 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite
| build 6.1.744.000
|
| Details:
| During Windows startup the TrueVector service (vsmon.exe - an integral
| piece of most Zone Labs products) is set to startup automatically. The
| TrueVector service runs under the context of the Local System account.
| During its startup process it attempts to load several DLLs (that are
| listed below).
| ...
| It appears that instead of using the full path to the DLL during the
| load process only the name of the DLL is used. This causes several
| instances of Windows PATH trolling (where Windows tries to locate the
| DLL in the directories listed in its PATH environment variable on
| behalf of the vsmon.exe process). This PATH trolling is what makes the
| vsmon.exe process vulnerable to several privilege escalation
| techniques.
| ...
| Patches/Workarounds:
| The vendor was notified several times but there was no response. The
| initial notification was sent on 12.20.05. Two follow-up notifications
| were sent afterward.

I see that my effort to circumvent Zone Alarm was gratuitous - it is very easy to use Zone Alarm itself to install a root kit and then 0wn the complete box.

Yours, VB.

Reply to
Volker Birk
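
The search behaviour the quoted advisory describes can be audited from the defender's side. The following is an added example, not part of the thread or the advisory: it models the standard Windows search order for a DLL requested by bare name (SafeDllSearchMode on, KnownDLLs and manifest redirection ignored) and lists directories writable by ordinary users that are consulted before the real DLL is found. All paths, the DLL names and the writability flags are constructed samples; the function names are hypothetical.

```python
# Added illustration: which user-writable directories does a bare-name
# DLL load walk through before it finds the real file?
# Assumption: SafeDllSearchMode is on; KnownDLLs/manifests are not modelled.
import ntpath

def search_order(app_dir, cwd, path_var, windir=r"C:\Windows"):
    """Directories consulted, in order, when only the DLL name is given."""
    order = [app_dir,
             ntpath.join(windir, "System32"),
             ntpath.join(windir, "System"),
             windir,
             cwd]
    order += [p for p in path_var.split(";") if p.strip()]
    seen, unique = set(), []
    for d in order:  # normalise case/separators and drop repeats
        key = ntpath.normcase(ntpath.normpath(d))
        if key not in seen:
            seen.add(key)
            unique.append(key)
    return unique

def planting_dirs(dll, order, fs):
    """Return (user-writable dirs searched before the hit, dir of the hit or None).

    fs maps a normalised directory to {"files": set, "user_writable": bool};
    a directory missing from fs is treated as absent and not writable.
    """
    risky = []
    for d in order:
        entry = fs.get(d, {"files": set(), "user_writable": False})
        if dll.lower() in {f.lower() for f in entry["files"]}:
            return risky, d
        if entry["user_writable"]:
            risky.append(d)
    return risky, None

# Constructed sample: service in Program Files, PATH holds a user-writable tools dir
FS = {
    r"c:\program files\vendor": {"files": {"service.exe"}, "user_writable": False},
    r"c:\windows\system32": {"files": {"kernel32.dll"}, "user_writable": False},
    r"c:\tools\bin": {"files": set(), "user_writable": True},
    r"c:\windows\system32\wbem": {"files": {"example.dll"}, "user_writable": False},
}
PATH = r"C:\Windows\System32;C:\Tools\bin;C:\Windows\System32\Wbem"
ORDER = search_order(r"C:\Program Files\Vendor", r"C:\Windows\System32", PATH)

if __name__ == "__main__":
    for name in ("example.dll", "kernel32.dll", "missing.dll"):
        print(name, planting_dirs(name, ORDER, FS))
```

A DLL that is never found is the worst case, because every user-writable directory in the order is consulted. Loading by full path, as the advisory notes the service does not do, removes the walk entirely.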

Pretty amazing for something that's supposed to be 'security' software.. ;)

Reply to
Kerodo

Actually, the only thing amazing here is ZoneLabs has been pulling these shenanigans for years & yet there's no shortage of suckers that continue to use their software.

Reply to
gray.wizard

Hello

Could you suggest an alternative? - preferably free or "not too expensive", tight budget :-(

Thanks

Echy Melbourne, Australia

Reply to
Echy

Should have said, I use Windows 2000 not XP

Reply to
Echy

Sygate (free) is still alive and well.


Reply to
Casey

formatting link
or

formatting link
Yours, VB.

Reply to
Volker Birk

I note that the affected versions are 6.1 and earlier. Are current versions still affected?

Scott Peterson

-- If love is blind, why is lingerie so popular?

(356/689)

Reply to
Scott Peterson

The version mentioned in the article (6.1.744) IS the current version... so the answer is yes..

Reply to
Kerodo
