SecurityTracker.com
Category:   Application (Security)  >   Fortres 101
Vendors:   Fortres Grand
Fortres 101 Disk Security Software Bug Lets Local Users Gain Unrestricted Disk Access
SecurityTracker Alert ID:  1005766
SecurityTracker URL:  http://securitytracker.com/id/1005766
CVE Reference:   CVE-2002-2275
Updated:  Jun 8 2008
Original Entry Date:  Dec 5 2002
Impact:   User access via local system
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 4.1 (Build 512)
Description:   A vulnerability was reported in the Fortres 101 hard disk security software. A local user can bypass the security restrictions and gain access to the contents of the hard disk.

It is reported that a local user can hold down the WINDOWS + F key combination for an extended period of time (~30 seconds) to cause multiple explorer windows to open. This will cause explorer.exe to crash and then a new, unrestricted version of explorer to open. The Fortres security restrictions apparently do not apply to the new explorer window.

Impact:   A local user can gain access to an unrestricted explorer window, bypassing the Fortres security features.
Solution:   No solution was available at the time of this entry. The vendor is reportedly working on a fix.

As a workaround, the report indicates that you can prevent the operating system from automatically restarting a crashed explorer.exe by changing the value "AutoRestartShell" to "0" in the registry key at HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon. This workaround only applies if the user is not able to launch the task manager manually by pressing CTRL-ALT-DEL.
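
The workaround above as a check, added here as an example and not part of the original advisory or the vendor's tooling: this PowerShell script reports whether AutoRestartShell is 0 and whether Task Manager is blocked for the user running it. It assumes Task Manager is locked down through the DisableTaskMgr policy value under HKCU; the -Apply switch and the function names are illustrative.

```powershell
# Added example: audit (and optionally apply) the AutoRestartShell workaround.
# Run it as the restricted user to audit; -Apply needs an elevated prompt.
param([switch]$Apply)

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
# Assumption: Task Manager is blocked with the per-user DisableTaskMgr policy
# value rather than by some other lockdown mechanism.
$policy   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-ShellRestartWorkaround {
    $auto    = Get-RegValue -Path $winlogon -Name 'AutoRestartShell'
    $taskMgr = Get-RegValue -Path $policy   -Name 'DisableTaskMgr'
    [pscustomobject]@{
        AutoRestartShell   = $auto
        # Anything other than 0, including a missing value, means the
        # workaround is not in place.
        WorkaroundApplied  = ($auto -eq 0)
        TaskManagerBlocked = ($taskMgr -eq 1)
    }
}

if ($Apply) {
    Set-ItemProperty -Path $winlogon -Name 'AutoRestartShell' -Value 0 -Type DWord
}

$state = Test-ShellRestartWorkaround
$state | Format-List
if (-not $state.WorkaroundApplied) {
    Write-Warning 'AutoRestartShell is not 0: a crashed explorer.exe will be relaunched.'
} elseif (-not $state.TaskManagerBlocked) {
    Write-Warning 'AutoRestartShell is 0, but this user can open Task Manager and start explorer.exe by hand.'
} else {
    Write-Output 'Workaround in effect for this user.'
}
```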

Vendor URL:  www.fortres.com/products/fortres_101.htm
Cause:   Exception handling error, State error
Underlying OS:   Windows (Me), Windows (2000), Windows (XP)

Message History:   None.


 Source Message Contents

Date:  Wed, 4 Dec 2002 23:52:11 -0500
Subject:  How to disable Fortres 4.1


Description
-----------
It is possible to disable Fortres 4.1 (Build 512) by holding down the
WINDOWS + F key combination for longer periods of time (~30 seconds).
Please see "Details" for more details.

Vendor Status
-------------
The vendor has confirmed this to be a problem in the product listed below.
A workaround exists and future versions of this product will not
experience this problem due to internal changes/improvements of the
software.

Platform
--------
Vendor:          Fortres Grand Corporation, http://www.fortres.com
Product Name:    Fortres 4.1, Build 512
Platform tested: Windows 2000, SP2
Hardware tested: Dell Optiplex GX260's with 1.7G Celeron processors, a
keyboard with the WINDOWS key

Details
-------
If you press the WINDOWS key + F combination then usually the FIND
window comes up. However on most Fortres installations "explorer" and
the FIND dialog box are disabled, as a result the FIND window
immediately closes - you hardly get to see it. However, if you keep
the WIN+F key combination pressed for a minute or so, dozens of these
windows show up and get closed again immediately. At some point,
depending on the machine between 20 seconds and one minute
(approximately), explorer.exe crashes. Subsequently the Operating
System relaunches a new (unprotected) version of explorer.exe. At this
point Fortres does not seem to be active anymore and the user can do
things one is not supposed to.

Workaround
----------
It is possible to prevent the operating system from automatically
restarting a crashed explorer.exe. Change the value "AutoRestartShell"
to "0" in the registry key at HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon. This works if the user is not able to
launch the task manager manually by pressing CTRL-ALT-DEL which in
turn would allow the user to launch a new explorer.exe manually.

Another option would be to remove the WINDOWS keys from the keyboard.

Verification
------------
We have tried this out on different machines, the results were the
same on all of them. The only difference was the time it took
explorer.exe to crash.

Thanks
------
Thanks to Joan for verifying this problem, thanks to Chris from
Fortres for working together on this issue.



Best regards,

Ingmar Koecher.
 ____________________________
         NETIKUS.NET
 Software & Network Solutions

   343 W. Milltown PMB 165
      Wooster, OH 44691
 ____________________________


 
 



Copyright 2013, SecurityGlobal.net LLC