OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Abel, Chris (Chris.Abelmfn.com)
Date: Sat Mar 16 2002 - 13:35:39 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I think this is more of a design issue then a vulnerability of sorts. When
    you open a file directly from with in it's zip file, Windows actually
    extracts that file first and spools it to your temp directory. If you close
    the file as stated below, before closing the zip file, the spooled version
    of the file in your temp directory is deleted. If you close the zip file
    before the spooled file, WinZip should warn you that you are closing the
    archive with the file open and it will not be able to remove it once you are
    done. I'm I making sense?

    -----Original Message-----
    From: Kerozene [mailto:kerozenephreaker.net]
    Sent: Thursday, March 14, 2002 7:24 PM
    To: vuln-devsecurityfocus.com
    Cc: bugtraqsecurityfocus.com; securitymicrosoft.com
    Subject: Vulnerability in winzip password protection ?

    Vulnerability in all winzip versions?:
    Author: Pablo Sabbatella
    Site: www.hackemate.com.ar
    Date: 14-03-2002

       I dont know if this a security bug, vulnerability
    or whatever, but I found it was pretty dangerous. Lets
    suppouse we want to secure the file secret.txt, so we
    zip it with winzip and choose to protect it with a
    password we only know. We save it and then one day we
    decide to access it, so we open it, we enter the password,
    it opens secret.txt, we close Winzip and we visualize the
    file that we had protected before. After watching it, we
    close it and get to another thing. Well, this proccess seems
    quite common, but if you open a passworded file and you close
    Winzip before closing the file, that file will be stored with
    NO PASSWORD PROTECTION in C:\Windows\Temp or your predeterminated
    Temp directory.
         This only affects users who sahre the computer with others,
    and paranoic :).

    Possible fixes: - Donīt close winzip till you finish with the secured
                      file
                    - Empty Temp Directory after each session in Winzip
                      with passworded files
                    - Microsoft, could make a patch for those files to be
                      automaticaly deleted or not stored in Temp
                      directory.

    Greetz to you all guys

    Pablo Sabbatella
    sabbatellahackemate.com.ar
    www.Hackemate.com.ar
    ICQ: 126270302