{"id": "ZONE_ALARM_LOCAL_DOS.NASL", "bulletinFamily": "scanner", "title": "ZoneAlarm Pro Configuration File/Directory Permission Weakness DoS", "description": "This host is running a version of ZoneAlarm Pro that contains a flaw which may\nallow a local denial of service. To exploit this flaw, an attacker would need\nto tamper with the files located in %windir%/Internet Logs. An attacker may\nmodify them and prevent ZoneAlarm from starting up properly.", "published": "2004-09-15T00:00:00", "modified": "2021-02-02T00:00:00", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "href": "https://www.tenable.com/plugins/nessus/14726", "reporter": "This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.", "references": ["https://seclists.org/fulldisclosure/2004/Aug/911"], "cvelist": ["CVE-2004-2713"], "type": "nessus", "lastseen": "2021-02-01T07:40:25", "edition": 25, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-2713"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231014726", "OPENVAS:14726"]}, {"type": "osvdb", "idList": ["OSVDB:9761"]}], "modified": "2021-02-01T07:40:25", "rev": 2}, "score": {"value": 5.3, "vector": "NONE", "modified": "2021-02-01T07:40:25", "rev": 2}, "vulnersScore": 5.3}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(14726);\n script_version(\"1.17\");\n\n script_cve_id(\"CVE-2004-2713\");\n\n script_name(english:\"ZoneAlarm Pro Configuration File/Directory Permission Weakness DoS\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This host is running a firewall with a denial of service vulnerability.\" );\n script_set_attribute(attribute:\"description\", value:\n\"This host is running a version of ZoneAlarm Pro that contains a flaw which may\nallow a local denial of service. To exploit this flaw, an attacker would need\nto tamper with the files located in %windir%/Internet Logs. An attacker may\nmodify them and prevent ZoneAlarm from starting up properly.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2004/Aug/911\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the latest version of this software.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/09/15\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2004/08/20\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"local\");\nscript_end_attributes();\n\n \n script_summary(english:\"Check ZoneAlarm Pro version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Firewalls\");\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\nif ( ! get_kb_item(\"SMB/Registry/Enumerated\") ) exit(1);\n\nkey = \"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/ZoneAlarm Pro/DisplayName\";\nkey2 = \"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/ZoneAlarm Pro/DisplayVersion\";\n\nif (get_kb_item (key))\n{\n version = get_kb_item (key2);\n if (version)\n {\n set_kb_item (name:\"zonealarm/version\", value:version);\n\n if(ereg(pattern:\"[1-4]\\.|5\\.0\\.|5\\.1\\.\", string:version))\n {\n security_warning(0);\n }\n }\n}\n", "naslFamily": "Firewalls", "pluginID": "14726", "cpe": [], "scheme": null}

{"cve": [{"lastseen": "2021-02-02T05:23:01", "description": "** DISPUTED ** Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\\Internet Logs\\* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents or permissions. NOTE: this issue has been disputed by the vendor, who claims that it does not affect product functionality since the same information is also saved in a protected file.", "edition": 4, "cvss3": {}, "published": "2004-12-31T05:00:00", "title": "CVE-2004-2713", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-2713"], "modified": "2017-07-29T01:29:00", "cpe": ["cpe:/a:zonelabs:zonealarm:1.0"], "id": "CVE-2004-2713", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2713", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:zonelabs:zonealarm:1.0:*:pro:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-02T21:09:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-2713"], "description": "ZoneAlarm Pro firewall runs on this host.\n\nThis version contains a flaw that may allow a local denial of service. To\nexploit this flaw, an attacker would need to temper with the files located in\n%windir%/Internet Logs. An attacker may modify them and prevent ZoneAlarm\nto start up properly.", "modified": "2017-03-06T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:14726", "href": "http://plugins.openvas.org/nasl.php?oid=14726", "type": "openvas", "title": "ZoneAlarm Pro local DoS", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: zone_alarm_local_dos.nasl 5499 2017-03-06 13:06:09Z teissa $\n# Description: ZoneAlarm Pro local DoS\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n# based on work from (C) Tenable Network Security\n#\n# Copyright:\n# Copyright (C) 2004 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ntag_summary = \"ZoneAlarm Pro firewall runs on this host.\n\nThis version contains a flaw that may allow a local denial of service. To\nexploit this flaw, an attacker would need to temper with the files located in\n%windir%/Internet Logs. An attacker may modify them and prevent ZoneAlarm\nto start up properly.\";\n\ntag_solution = \"Upgrade to the latest version of this software\";\n\n# Ref: bipin gautam <visitbipin@yahoo.com>\n\nif(description)\n{\n script_id(14726);\n script_version(\"$Revision: 5499 $\");\n script_cve_id(\"CVE-2004-2713\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-06 14:06:09 +0100 (Mon, 06 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_xref(name:\"OSVDB\", value:\"9761\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"ZoneAlarm Pro local DoS\");\n \n desc = \"\n Summary:\n \" + tag_summary + \"\n Solution:\n \" + tag_solution;\n\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_copyright(\"This script is Copyright (C) 2004 David Maciejak\");\n script_family(\"Firewalls\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n## includes\ninclude(\"cpe.inc\");\ninclude(\"host_details.inc\");\n\n## Constant values\nSCRIPT_OID = \"1.3.6.1.4.1.25623.1.0.14726\";\nSCRIPT_DESC = \"ZoneAlarm Pro local DoS\";\n\nif ( ! get_kb_item(\"SMB/Registry/Enumerated\") ) exit(1);\n\nkey = \"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/ZoneAlarm Pro/DisplayName\";\nkey2 = \"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/ZoneAlarm Pro/DisplayVersion\";\n\nif (get_kb_item (key))\n{\n version = get_kb_item (key2);\n if (version)\n {\n set_kb_item (name:\"zonealarm/version\", value:version);\n\n ## build cpe and store it as host_detail\n cpe = build_cpe(value: version, exp:\"^([0-9.]+)\",base:\"cpe:/a:zonelabs:zonealarm:\");\n if(!isnull(cpe))\n register_host_detail(name:\"App\", value:cpe, nvt:SCRIPT_OID, desc:SCRIPT_DESC);\n\n if(ereg(pattern:\"[1-4]\\.|5\\.0\\.|5\\.1\\.\", string:version))\n {\n security_message(0);\n }\n }\n}\n", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2021-01-22T12:27:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-2713"], "description": "ZoneAlarm Pro firewall runs on this host.\n\n This version contains a flaw that may allow a local denial of service. To\n exploit this flaw, an attacker would need to temper with the files located in\n %windir%/Internet Logs. An attacker may modify them and prevent ZoneAlarm\n to start up properly.", "modified": "2021-01-20T00:00:00", "published": "2005-11-03T00:00:00", "id": "OPENVAS:136141256231014726", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231014726", "type": "openvas", "title": "ZoneAlarm Pro Local DoS", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# ZoneAlarm Pro local DoS\n#\n# Authors:\n# David Maciejak <david dot maciejak at kyxar dot fr>\n# based on work from (C) Tenable Network Security\n#\n# Copyright:\n# Copyright (C) 2005 David Maciejak\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.14726\");\n script_version(\"2021-01-20T14:57:47+0000\");\n script_cve_id(\"CVE-2004-2713\");\n script_tag(name:\"last_modification\", value:\"2021-01-20 14:57:47 +0000 (Wed, 20 Jan 2021)\");\n script_tag(name:\"creation_date\", value:\"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)\");\n script_xref(name:\"OSVDB\", value:\"9761\");\n script_tag(name:\"cvss_base\", value:\"1.9\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:N/I:N/A:P\");\n script_name(\"ZoneAlarm Pro Local DoS\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2005 David Maciejak\");\n script_family(\"Windows\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n\n script_tag(name:\"summary\", value:\"ZoneAlarm Pro firewall runs on this host.\n\n This version contains a flaw that may allow a local denial of service. To\n exploit this flaw, an attacker would need to temper with the files located in\n %windir%/Internet Logs. An attacker may modify them and prevent ZoneAlarm\n to start up properly.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the latest version of this software\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"cpe.inc\");\ninclude(\"host_details.inc\");\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nkey = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\";\nif( ! registry_key_exists( key:key ) ) exit( 0 );\n\nforeach item( registry_enum_keys( key:key ) ) {\n\n name = registry_get_sz( key:key + item, item:\"DisplayName\" );\n\n if( \"ZoneAlarm Pro\" >< name ) {\n\n version = registry_get_sz( key:key + item, item:\"DisplayVersion\" );\n if( version ) {\n\n set_kb_item( name:\"zonealarm/version\", value:version );\n\n register_and_report_cpe( app:\"ZoneAlarm Pro\", ver:version, concluded:version, base:\"cpe:/a:zonelabs:zonealarm:\", expr:\"^([0-9.]+)\" );\n\n if( ereg( pattern:\"[1-4]\\.|5\\.0\\.|5\\.1\\.\", string:version ) ) {\n security_message( port:0, data:\"The target host was found to be vulnerable.\" );\n exit( 0 );\n }\n }\n }\n}\n\nexit( 0 );\n", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:N/I:N/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:04", "bulletinFamily": "software", "cvelist": ["CVE-2004-2713"], "edition": 1, "description": "## Vulnerability Description\nZone Alarm Pro contains a flaw that may allow a local denial of service. The issue is due to Zone Alarm Pro setting the configuration file/folder permissions for %windir%\\Internet Logs\\* to Everyone:Full Control. This allows any local user to make changes to the Zone Alarm configuration file. While the changes to the configuration are not processed by the server, the changes to the file trigger it's built in protection to prevent running with untrusted options and causes the firewall to shut down.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nZone Alarm Pro contains a flaw that may allow a local denial of service. The issue is due to Zone Alarm Pro setting the configuration file/folder permissions for %windir%\\Internet Logs\\* to Everyone:Full Control. This allows any local user to make changes to the Zone Alarm configuration file. While the changes to the configuration are not processed by the server, the changes to the file trigger it's built in protection to prevent running with untrusted options and causes the firewall to shut down.\n## References:\nVendor URL: http://www.zonelabs.com\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0871.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0881.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0883.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0896.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0389.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0933.html\nISS X-Force ID: 17099\n[CVE-2004-2713](https://vulners.com/cve/CVE-2004-2713)\n", "modified": "2004-08-19T22:26:44", "published": "2004-08-19T22:26:44", "href": "https://vulners.com/osvdb/OSVDB:9761", "id": "OSVDB:9761", "title": "ZoneAlarm Pro Configuration File/Directory Permission Weakness DoS", "type": "osvdb", "cvss": {"score": 1.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}