August 22nd, 2007
Trend Micro, Zone Labs, ClamAV join list of insecure security products
Add Trend Micro, Check Point Zone Labs and ClamAV to the long list of security products that put end users at risk of malicious hacker attacks.
The three vendors have all acknowledged various security vulnerabilities in a range of desktop and server products that could lead to arbitrary code execution, privilege escalation or denial-of-service conditions.
Trend Micro, which specializes in virus protection software, has issued patches for ServerProtect and the PC-cillin suite.
[SEE: Can you really trust your security vendor? ]
The ServerProtect update, rated “moderately critical” by Secunia, covers boundary errors and integer overflow errors that could be exploited to launch harmful code on a vulnerable installation. Two separate alerts from iDefense (here and here) outline the details and potential risks.
iDefense has also discovered about a remotely exploitable buffer overflow in Trend Micro Inc.’s SSAPI Engine that could allow attackers to execute arbitrary code with system level privileges.
The latest black-eye for security vendors has also affected Check Point Zone Labs. From an iDefense alert:
Local exploitation of an insecure permission vulnerability in multiple Check Point Zone Labs products allows attackers to escalate privileges or disable protection.
The vulnerability specifically exists in the default file Access Control List (ACL) settings that are applied during installation. When an administrator installs any of the Zone Labs ZoneAlarm tools, the default ACL allows any user to modify the installed files. Some of the programs run as system services. This allows a user to simply replace an installed ZoneAlarm file with their own code that will later be executed with system-level privileges.
Exploitation allows local attackers to escalate privileges to the system level. It is also possible to use this vulnerability to simply disable protection by moving all of the executable files so that they cannot start on a reboot.
ClamAV, the open-source anti-virus toolkit recently acquired by Sourcefire, has also struggled with security problems that could lead to sudden denial-of-service crashes. Secunia rates the ClamAV issues as “moderately critical.”
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
