SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   FreezeX Vendors:   Faronics Corporation
FreezeX File Permissions Let Local Administrators Disable the Service
SecurityTracker Alert ID:  1012699
SecurityTracker URL:  http://securitytracker.com/id/1012699
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Updated:  Jun 27 2005
Original Entry Date:  Dec 24 2004
Impact:   Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 1.00.100.0666
Description:   A vulnerability was reported in FreezeX. A local administrative user can permanently disable the FreezeX security protections.

Xenzeo reported that a local user with administrative privileges can overwrite a database file (db.fzx) in the 'C:\Program Files\Faronics\FreezeX\' directory to cause FreezeX to stop working. The software must be reinstalled to return to normal operations.

A demonstration exploit is provided:

C:\> echo "diediedie" > C:\Program Files\Faronices\Freezex\db.fzx

[Editor's note: The product name has changed to 'Faronics Anti-Executable'.]

Impact:   A local administrative user can disable FreezeX.
Solution:   The vendor has issued a fix.

[Editor's note: The product name has changed to 'Faronics Anti-Executable'.]

Vendor URL:  www.faronics.com/html/Freezex.asp (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-Disclosure] FreezeX file access vulnerability


Affected Products:
	Faronics FreezeX v. 1.00.100.0666
	(http://www.faronics.com/html/Freezex.asp)

Author:
	Xenzeo


FreezeX is a program that promise, it can prevent executable files from 
beeing run on windows OS.


FreezeX has a database of every file from when it was installed (db.fzx) 
this file i located in C:\Program Files\Faronics\FreezeX\db.fzx, this 
file seems inaccessable, when trying accessing this directory, windows 
reports Access Denied from "dos" and windows.

Though one with administrative access can simply overwrite this file
with misc data, resulting in killing FreezeX


Proof Of Concept:

C:\> echo "diediedie" > C:\Program Files\Faronices\Freezex\db.fzx

	Reboot windows, and FreezeX can no longer determine what
	files have permission to be run, and needs to be reinstalled
	to work again.


Vender status:
	Faronics know of this and promises it will be fixed shortly.

-Xenzeo
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC