Check Point - Zone Labs Division:
Response to "Weak Default Permissions Vulnerability"
Summary
Zone Labs ZoneAlarm family of products and Check Point
Integrity endpoint security client software use the
folder "%WINDOWS%\Internet Logs" to store a copy of
logging information and the locally stored security
policy. Zone Labs security clients do NOT rely upon
NTFS file ownership and permissions to protect logging
and policy files stored in this folder. Key files
are protected by the security client itself. Logging
and policy information cannot be altered as the result
of weak file ownership or permissions.
Details
Zone Labs security clients write logging information
to an unprotected file named ZAlog*.txt as a convenient
way for the local user to observe recent events.
However, all logged events are also stored in another
file that is protected.
ZoneAlarm product family users may review the contents
of the protected log file with the client user interface.
Integrity server collects security client logs from the
protected log files at regular intervals. Administrators
may review the logged information via the Integrity
Administration console.
Zone Labs, a Check Point Company, regards the security
of our products and services very seriously and responds
to all reports of security matters as soon as possible.
To contact the Zone Labs product security team, please
contact security_at_zonelabs.com.
Received on Aug 27 2004
Intro
