Check Point Zone Labs Multiple Products Local Privilege Escalation Vulnerabilities

Bugtraq ID:	25365
Class:	Unknown
CVE:	CVE-2007-4216 CVE-2005-2932
Remote:	No
Local:	Yes
Published:	Aug 20 2007 12:00AM
Updated:	Oct 14 2008 05:57PM
Credit:	Ruben Santamarta is credited with discovering the 'vsdatant.sys' issues. The discoverer of the service ACL issue wishes to remain anonymous.
Vulnerable:	Zone Labs ZoneAlarm Security Suite 6.5.737 Zone Labs ZoneAlarm Security Suite 6.5.722 Zone Labs ZoneAlarm Security Suite 6.1.744 .000 Zone Labs ZoneAlarm Security Suite 6.1.737 Zone Labs ZoneAlarm Security Suite 5.5.62 Zone Labs ZoneAlarm Security Suite 5.5 .062.011 Zone Labs ZoneAlarm Security Suite 5.5 .062 Zone Labs ZoneAlarm Security Suite 5.5 Zone Labs ZoneAlarm Security Suite 5.1 Zone Labs ZoneAlarm Pro with Web Filtering 4.5.594 Zone Labs ZoneAlarm Pro 6.0 Zone Labs ZoneAlarm Pro 5.5 .062.011 Zone Labs ZoneAlarm Pro 5.5 .062 Zone Labs ZoneAlarm Pro 5.1 Zone Labs ZoneAlarm Pro 5.0.590 .015 Zone Labs ZoneAlarm Pro 4.5 .538.001 Zone Labs ZoneAlarm Pro 4.5 Zone Labs ZoneAlarm Pro 4.0 Zone Labs ZoneAlarm Pro 3.1 Zone Labs ZoneAlarm Pro 3.0 Zone Labs ZoneAlarm Pro 2.6 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm Pro 2.4 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm Pro 7.0.302.000 Zone Labs ZoneAlarm Pro 6.5.737.000 Zone Labs ZoneAlarm Pro 6.1.744.001 Zone Labs ZoneAlarm Plus 4.5 .538.001 Zone Labs ZoneAlarm Plus 4.0 Zone Labs ZoneAlarm Internet Security Suite 6.0 Zone Labs ZoneAlarm for Windows XP 2.6 Zone Labs ZoneAlarm For Windows NT 4.0 2.6 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm For Windows NT 4.0 2.5 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm For Windows NT 4.0 2.4 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm For Windows NT 4.0 2.3 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm For Windows NT 4.0 2.2 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm For Windows NT 4.0 2.1 Zone Labs ZoneAlarm for Windows 98 2.6 Zone Labs ZoneAlarm for Windows 98 2.5 Zone Labs ZoneAlarm for Windows 98 2.4 Zone Labs ZoneAlarm for Windows 98 2.3 Zone Labs ZoneAlarm for Windows 98 2.2 Zone Labs ZoneAlarm for Windows 98 2.1 Zone Labs ZoneAlarm for Windows 95 2.6 Zone Labs ZoneAlarm for Windows 95 2.5 Zone Labs ZoneAlarm for Windows 95 2.4 Zone Labs ZoneAlarm for Windows 95 2.3 Zone Labs ZoneAlarm for Windows 95 2.2 Zone Labs ZoneAlarm for Windows 95 2.1 Zone Labs ZoneAlarm for Windows 95 1.0 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm Antivirus 6.0 Zone Labs ZoneAlarm Antivirus Zone Labs ZoneAlarm Anti-Spyware 6.1 Zone Labs ZoneAlarm Anti-Spyware 6.0 Zone Labs ZoneAlarm 6.5.737 Zone Labs ZoneAlarm 6.0 Zone Labs ZoneAlarm 5.5 .062.011 Zone Labs ZoneAlarm 5.1 Zone Labs ZoneAlarm 4.5 .538.001 Zone Labs ZoneAlarm 4.0 Zone Labs ZoneAlarm 3.7 .202 Zone Labs ZoneAlarm 3.1 Zone Labs ZoneAlarm 3.0 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm 2.6 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm 2.5 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm 2.4 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm 2.3 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm 2.2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm 2.1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0
Not Vulnerable:	Zone Labs ZoneAlarm 7.0.362

Check Point Zone Labs Multiple Products Local Privilege Escalation Vulnerabilities

Multiple Check Point Zone Labs products are prone to multiple local privilege-escalation vulnerabilities.

Successfully exploiting these issues allows local attackers to execute arbitrary code with elevated privileges, facilitating the complete compromise of affected computers.

The following are vulnerable:

- Versions prior to ZoneAlarm 7.0.362
- Zone Labs products that include 'vsdatant.sys' 6.5.737.0.

Check Point Zone Labs Multiple Products Local Privilege Escalation Vulnerabilities

The service file ACL issue does not require specific exploit code.

DSquare Security has developed a working commercial exploit for its D2 Exploitation Pack product. This exploit is not otherwise publicly available or known to be circulating in the wild.

Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.

Check Point Zone Labs Multiple Products Local Privilege Escalation Vulnerabilities

Solution:
Reports indicate that the vendor addressed these issues in versions 7.0.362 and higher of ZoneAlarm products. Symantec has not confirmed this. Please contact the vendor for more information.

Check Point Zone Labs Multiple Products Local Privilege Escalation Vulnerabilities

References:

• Check Point Zone Labs Multiple Products Privilege Escalation Vulnerability (iDefense Labs)
  
• Check Point Zone Labs VSDATANT Multiple IOCTL Privilege Escalation Vulnerabiliti (iDefense Labs)
  
• Zone Labs Homepage (Zone Labs)
  
• [Reversemode Advisory] CheckPoint ZoneLabs Vsdatant.sys multiple local privilege (Reversemode )
  
• iDefense Security Advisory 08.20.07: Check Point Zone Labs Multiple Products Pri (iDefense Labs )
  
• iDefense Security Advisory 08.20.07: Check Point Zone Labs VSDATANT Multiple IOC (iDefense Labs )
  
• Zone Alarm Homepage (Check Point )