Trend Micro, Zone Labs, ClamAV join list of insecure security products

Summary: Add Trend Micro, Check Point Zone Labs and ClamAV to the long list of security products that put end users at risk of malicious hacker attacks.

Trend Micro flaw opens door to hacker attacks

The three vendors have all acknowledged various security vulnerabilities in a range of desktop and server products that could lead to arbitrary code execution, privilege escalation or denial-of-service conditions.

Trend Micro, which specializes in virus protection software, has issued patches for ServerProtect and the PC-cillin suite.

[SEE: Can you really trust your security vendor?]

The ServerProtect update, rated "moderately critical" by Secunia, covers boundary errors and integer overflow errors that could be exploited to launch harmful code on a vulnerable installation. Two separate alerts from iDefense (here and here) outline the details and potential risks.

iDefense has also discovered a remotely exploitable buffer overflow in Trend Micro Inc.'s SSAPI Engine that could allow attackers to execute arbitrary code with system-level privileges.

The latest black eye for security vendors has also affected Check Point Zone Labs. From an iDefense alert:

Local exploitation of an insecure permission vulnerability in multiple Check Point Zone Labs products allows attackers to escalate privileges or disable protection.

The vulnerability specifically exists in the default file Access Control List (ACL) settings that are applied during installation. When an administrator installs any of the Zone Labs ZoneAlarm tools, the default ACL allows any user to modify the installed files. Some of the programs run as system services. This allows a user to simply replace an installed ZoneAlarm file with their own code that will later be executed with system-level privileges.

Exploitation allows local attackers to escalate privileges to the system level. It is also possible to use this vulnerability to simply disable protection by moving all of the executable files so that they cannot start on a reboot.
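
The condition the alert describes (service files that any user can modify) can be audited on a Windows host. The script below is an added example, not code from iDefense, Check Point or this article; the function names and the list of "any user" SIDs are assumptions made for illustration.

```powershell
# Added example: report service executables (and their folders) that broad,
# non-administrative groups can modify. The SID list below is an assumption
# about what "any user" covers; extend it for your environment.
$BroadSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545',  # BUILTIN\Users
    'S-1-5-4'        # INTERACTIVE
)
# Rights that allow replacing, deleting or re-permissioning a file.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$InheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Win32_Service.PathName may be quoted and may carry arguments.
    if ($PathName -match '^\s*"([^"]+)"')        { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

function Find-WritableServiceFile {
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $exe = Get-ServiceBinaryPath $svc.PathName
        if (-not $exe -or -not (Test-Path -LiteralPath $exe)) { continue }
        # A writable folder lets a user swap the file even if the file ACL is tight.
        foreach ($target in @($exe, (Split-Path -Parent $exe))) {
            $acl = Get-Acl -LiteralPath $target -ErrorAction SilentlyContinue
            if (-not $acl) { continue }
            # Ask for SIDs so the check does not depend on localized group names.
            $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
            foreach ($rule in $rules) {
                if ($rule.AccessControlType -ne 'Allow') { continue }
                if ($BroadSids -notcontains $rule.IdentityReference.Value) { continue }
                # Inherit-only entries do not apply to the object itself.
                if (([int]$rule.PropagationFlags -band $InheritOnly) -ne 0) { continue }
                if (([int]$rule.FileSystemRights -band $WriteMask) -eq 0) { continue }
                [pscustomobject]@{
                    Service  = $svc.Name
                    RunsAs   = $svc.StartName
                    Path     = $target
                    Identity = $rule.IdentityReference.Value
                    Rights   = $rule.FileSystemRights
                }
            }
        }
    }
}

Find-WritableServiceFile | Format-Table -AutoSize
```

Any row whose RunsAs value is LocalSystem marks a file or folder where the privilege escalation path described in the alert would apply; tightening the ACL to administrators and SYSTEM only removes it.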

ClamAV, the open-source anti-virus toolkit recently acquired by Sourcefire, has also struggled with security problems that could lead to sudden denial-of-service crashes. Secunia rates the ClamAV issues as "moderately critical."



Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
