[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)
From: Chris Smith <chris.rs@xxxxxxxxxx>
Date: Mon, 23 Aug 2004 22:02:34 +1200

On Mon, 23 Aug 2004 07:11, bipin gautam wrote:
> Not really, I've discoverd a NTFS feature (BUG?).
> well... If you have system/administrative privilages
> in a disk.... you can read/modify a file even though
> it has "EVERYONE: DENY" permission set.

OMFG!! REISERFS HAS THE SAME EXPLOIT!!!!

CHECK OUT MY POC!

chris@chris h4x0r $ echo "bipin sucks" >> hax
chris@chris h4x0r $ chmod -rwx hax
chris@chris h4x0r $ ls -alo hax
----------  1 chris 12 Aug 23 21:58 hax
chris@chris h4x0r $ cat hax
cat: hax: Permission denied
chris@chris h4x0r $ sudo cat hax
bipin sucks
chris@chris h4x0r $

Superuser means _SUPERUSER_ (or administrator).

Not a bug, not a feature. It just is.

Chris.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)
  - From: James Greenhalgh

References:
- Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)
  - From: bipin gautam

Prev by Date: Re: [Full-Disclosure] Safari/WebCore Content Sniffing
Next by Date: Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)
Previous by thread: Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)
Next by thread: Re: [Full-Disclosure] Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)
Index(es):
- Date
- Thread