|
WatchGuard ServerLock Protection Bypass
|
|
Secunia Advisory:
|
SA9310
|
|
|
Release Date:
|
2003-07-21
|
|
Popularity:
|
6,832 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | WatchGuard ServerLock 2.0
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
Multiple vulnerabilities have been identified in WatchGuard ServerLock allowing malicious users to install rootkits.
One problem is that ServerLock only protects the actual executable file and not the running process. This can be exploited to load arbitrary DLL's, because the "ZwSetSystemInformation()" doesn't require driver keys to exist in the registry.
Another problem is that it is possible to access "\Device\PhysicalMemory" by creating symlinks to it.
Solution:
Version 2.0.4 is not vulnerable. The updated version should be available from:
https://www.watchguard.com/archive/softwarecenter.asp
Provided and/or discovered by:
Jan Rutkowski
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
