ZoneAlarm安全组件权限提升漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1195734 漏洞类型 设计错误
发布时间 2006-03-14 更新时间 2006-03-15
CVE编号 CVE-2006-1221 CNNVD-ID CNNVD-200603-259
漏洞平台 N/A CVSS评分 6.2
|漏洞来源
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200603-259
|漏洞详情
ZoneAlarm是一款个人电脑防火墙,能保护个人数据和隐私安全。ZoneAlarm的TrueVector服务在启动加载DLL时存在问题,攻击者可能利用此漏洞在主机上执行权限提升攻击。在Windows启动过程中ZoneAlarm的TrueVector服务(vsmon.exe)被设置为自动启动。TrueVector服务是以本地系统帐号权限运行的,在启动过程中会试图加载以下几个DLL:-VSUTIL_Loc0409_Oem8701.dll-VSUTIL_Oem8701.dll-VSUTIL_Loc0409.dll-vsmon_Loc0409_Oem8701.dll-vsmon_Oem8701.dll-vsmon_Loc0409.dll-VSRULEDB_Loc0409_Oem8701.dll-VSRULEDB_Oem8701.dll-VSRULEDB_Loc0409.dll-av_Loc0409_Oem8701.dll-av_Oem8701.dll-av_Loc0409.dll-zlquarantine_Loc0409_Oem8701.dll-zlquarantine_Oem8701.dll-zlquarantine_Loc0409.dll-zlsre_Loc0409_Oem8701.dll-zlsre_Oem8701.dll-zlsre_Loc0409.dll在加载进程过程中没有使用到DLL的完整路径,而仅使用了DLL的名称,这可能导致vsmon.exe进程权限提升。
|参考资料

来源:BUGTRAQ
名称:20060309StatementRegardingReportedLocalEscalationofPrivilegesVulnerabilityforZoneAlarm
链接:http://www.securityfocus.com/archive/1/archive/1/427309/100/0/threaded
来源:BUGTRAQ
名称:20060309Re:18waystoescalateprivilegesinZoneLabsZoneAlarmSecuritySuitebuild6.1.744.000
链接:http://www.securityfocus.com/archive/1/archive/1/427145/100/0/threaded
来源:BUGTRAQ
名称:2006030818waystoescalateprivilegesinZoneLabsZoneAlarmSecuritySuitebuild6.1.744.000
链接:http://www.securityfocus.com/archive/1/archive/1/427122/100/0/threaded
来源:VUPEN
名称:ADV-2006-0947
链接:http://www.frsirt.com/english/advisories/2006/0947
来源:SECTRACK
名称:1015743
链接:http://securitytracker.com/id?1015743
来源:MISC
链接:http://reedarvin.thearvins.com/20060308-01.html
来源:XF
名称:zonealarm-path-gain-privileges(25097)
链接:http://xforce.iss.net/xforce/xfdb/25097
来源:BID
名称:17037
链接:http://www.securityfocus.com/bid/17037