[14545] in bugtraq
bugs in Panda Security 3.0
daemon@ATHENA.MIT.EDU (|Zan)
Mon Apr 17 17:02:51 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <38FB45F2.550EA000@teleline.es>
Date: Mon, 17 Apr 2000 19:12:18 +0200
Reply-To: |Zan <izan@TELELINE.ES>
From: |Zan <izan@TELELINE.ES>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
DeepZone Security Advisory
Advisory Name: Panda Security 3.0
Advisory Released: [00/04/17]
Application: Panda Security 3.0
(build 3.0.0.71/96) on Win9x
Severity: local logged user can get
Administrator privileges.
Product can be uninstalled.
Status: Vendor contacted. Fix provided
by the vendor.
Authors: izan@galaxycorp.com
thewizard@pagina.de
WWW: http://deepzone.cjb.net
OVERVIEW
Panda Security 3.0's all builds ('<3.0.2.0') present several
important vulnerabilities. Any local logged user can override
his/her privileges. Any local logged user can become
Administrator in a system running Panda Security 3.0.
BACKGROUND
Ideas, exploits & rootkit were tested against Panda Security's
spanish versions (builds 3.0.0.71/96).
DETAILS
Panda Security 3.0 is vulnerable to indirect key merging. Critical
keys protecting this product can be override easily. A programming
error doesn't protect these keys in registry so any local logged
user can introduce new values overriding original values.
Other bug found in Panda Security will let uninstall this product
without any problem. Panda Security doesn't check wininit.exe
activity so any software (including Panda Security) can be
uninstalled by any generic uninstaller.
Full details, exploits and a patch to keep PS's full control can
be found in ...
http://deepzone.cjb.net
FIXES/PATCHES
Panda Software was contacted two weeks ago. Patches and a new
release (3.0.2.0) will be available soon fixing these bugs in ...
http://www.pandasoftware.es (spanish version)
http://www.pandasoftware.com (international version)
Official releases list provided directly by Panda Software is ...
3.0.0.77 Simo 99 => Vulnerable
3.0.0.90 Multimedia Ediciones => Vulnerable
3.0.0.96 January 2000 => Vulnerable
3.0.0.97 => Vulnerable
3.0.0.100 => Vulnerable
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use
<http://www.pgpinternational.com>
iQA/AwUBOPsOX35dnZe79rC4EQL3pACg37UjzpXuqssagp1X38pirPpyNnsAoOCL
hYUJn8YjUT5nrVsmDdzPd1RP
=Kpcr
-----END PGP SIGNATURE-----
--
|Zan / DeepZone (tm) - Digital Security Center
http://www.deepzone.org - http://mareasvivas.cjb.net
PGP key fingerprint:
AD 97 A6 AB DC BB D2 CF 89 AE 0A 88 7E 5D 9D 97 BB F6 B0 B8
--=[ ... toda la vida buscando respuestas ... y cuando por fin
las encuentras ... cambian las preguntas ]=--
