[ SOURCE: http://www.secureroot.com/security/advisories/9768322800.html ]

FoolProof Security is a desktop security application for Windows

95/98/ME. Its purpose is to block users from accessing all programs,

except those which are intended by the administrator. Additionally, it is

intended to allow the user to only save files to specific locations

(usually the floppy disk drive). FoolProof Security is usually found in

computer labs, or on publicly accessible systems.



A vulnerability exsists in FoolProof Security, in that it restricts

certain programs to be executed only by name. By renaming a restricted

program, it can be successfuly executed. This vulnerability can be used to

sucessfully circumvent the security measures put forth by FoolProof, and

even remove it entirely from the system.



The following is an example:



On a system with FoolProof Security installed open an MS-DOS Shell

(usually found in Start Menu -> Programs -> Accessories). ['COMMAND.EXE'

is not restricted by FoolProof.] At the command prompt issue the 'ftp'

command and open a connection to an ftp server in which you have write

access to. ['FTP.EXE' is not restricted by FoolProof.] Upload the

restricted program in which you wish to run. [such as 'deltree',

'xcopy', 'edit', 'fdisk', and 'format'.] Afterwords, download these

programs under a different name. [Use names other than those of restricted

programs. Names such as 'tmp001a.exe' work.] You will now be able to use

these programs, just as if they were the restricted equivilant.



Side Note: Although you can use this process to use 'regedit', the

registry is still locked by FoolProof.



Solution:



A quick fix, would be the removal of the 'ftp' client (although it will

still be possible to download a simple ftp client that will do the same

job.)



Additionally, any shortcuts to 'command' should be removed, as this method

will not work without it.



FoolProof Security can be found at http://www.smartstuff.com.





Sincerely,

Bryan A. Hughes