Check Point - Zone Labs Division:
Response to "Weak Default Permissions Vulnerability"

Summary

Zone Labs ZoneAlarm family of products and Check Point 
Integrity endpoint security client software use the 
folder "%WINDOWS%\Internet Logs" to store a copy of 
logging information and the locally stored security 
policy.  Zone Labs security clients do NOT rely upon 
NTFS file ownership and permissions to protect logging 
and policy files stored in this folder.  Key files 
are protected by the security client itself.  Logging 
and policy information cannot be altered as the result 
of weak file ownership or permissions.  


Details

Zone Labs security clients write logging information 
to an unprotected file named ZAlog*.txt as a convenient 
way for the local user to observe recent events.   
However, all logged events are also stored in another 
file that is protected.

ZoneAlarm product family users may review the contents 
of the protected log file with the client user interface. 

Integrity server collects security client logs from the 
protected log files at regular intervals.  Administrators 
may review the logged information via the Integrity 
Administration console.  

Zone Labs, a Check Point Company, takes the security 
of our products and services very seriously and responds 
to all reports of security matters as soon as possible.  
To reach the Zone Labs product security team, please 
contact security@zonelabs.com. 