CVE-2019-8455 : What You Need to Know

A vulnerability in Check Point ZoneAlarm up to version 15.4.062 allows a local attacker to gain elevated privileges by creating a hard-link between the log file and another system file.

Understanding CVE-2019-8455

When a hard-link is established between the log file of Check Point ZoneAlarm up to version 15.4.062 and any other file on the system, the permissions of the linked file are modified to allow all users to access it. This action grants greater privileges to a local attacker on files that originally had restricted access.

What is CVE-2019-8455?

This CVE describes a vulnerability in Check Point ZoneAlarm that enables a local attacker to escalate privileges by manipulating file permissions through hard-link creation.

The Impact of CVE-2019-8455

The vulnerability allows a local attacker to access files with restricted permissions, potentially leading to unauthorized access and data compromise.

Technical Details of CVE-2019-8455

Vulnerability Description

A hard-link created from the log file of Check Point ZoneAlarm up to version 15.4.062 to any file on the system will have its permission changed, granting all users access to the linked file.

Affected Systems and Versions

Product: Check Point ZoneAlarm
Vendor: n/a
Versions affected: up to 15.4.062

Exploitation Mechanism

The vulnerability is exploited by establishing a hard-link between the log file and another file on the system, resulting in modified permissions that allow unauthorized access.

Mitigation and Prevention

Immediate Steps to Take

Apply the latest security patches provided by Check Point for ZoneAlarm.
Monitor file permissions and access rights to detect unauthorized changes.

Long-Term Security Practices

Implement the principle of least privilege to restrict access to sensitive files.
Regularly review and update file permissions to ensure proper access control.

Patching and Updates

Ensure that Check Point ZoneAlarm is updated to version 15.4.062 or higher to mitigate the vulnerability.