1. We have moved from vBulletin to XenForo and you are viewing the site in the middle of the move. Though the functional aspect of everything is working fine, we are still working on other changes including the new design on Xenforo.
    Dismiss Notice

ZoneAlarm Flaw Opens Firewalls To E-mail Attack

Discussion in 'Ethical hacking Tips' started by vishal sharma, Aug 20, 2004.

  1. vishal sharma

    vishal sharma New Member

    got this from the net .........nice though

    Zone Labs has alerted users that several versions of its personal firewall products are vulnerable to a buffer overflow attack conducted via e-mail that could leave supposedly-protected systems open to malicious code assaults, the company said.
    The affected editions include the 4.0 versions of ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro; ZoneAlarm Pro 4.5; and Zone Labs Integrity Client 4.0 and 4.5.

    "If successfully exploited, a skilled attacker could cause the firewall to stop processing traffic, execute arbitrary code, or elevate malicious code's privileges," ZoneAlarm said Wednesday in the alert posted on its Web site.

    The vulnerability, which was first reported by eEye Digital Security, is caused by an unchecked buffer in Simple Mail Transfer Protocol (SMTP) processing, which could in turn lead to a buffer overflow, said ZoneAlarm. To exploit the vulnerability remotely, the target system must be operating as an SMTP server.

    "Zone Labs does not recommend using our client security products to protect servers," the company said. Zone Labs also sells a server-specific firewall under its Integrity line.

    ZoneAlarm users were urged to update their software to version 4.5.538.001, while Integrity Client 4.0 and 4.5 users should upgrade to versions and 4.5.085, respectively. More details on the vulnerability and upgrade instructions can be found on the Zone Labs Web site.

    vishal sharma
  2. libervisco

    libervisco New Member

    The best firewall you could have is linux.. Wait, i heard that somewhere.. not my thought.. :D
    But it's true, be it due to it being an alternative and less of a hacker target or by it's enhanced security (protected root abilities and stuff). Linux is much more secure than windows, and that's the "firewall" or even "antivirus" enough you need. :)

  3. vishal sharma

    vishal sharma New Member

    any firewall or antivirus is not safe... the reason y we call linux to be safe is the very fact that the thing was never attacked thats all... the basic flaw in any firewall is its most important need & that is port 80...u can bring any server down by using simple xploitation of this fact....
  4. shabbir

    shabbir Administrator Staff Member

    Hello vishal

    Its long time seen you here. I hope everything is fine there.

    Very much true.
  5. vishal sharma

    vishal sharma New Member

    hey shabbir,

    life is good trying to cope up with many things thats y was a bit out of touch....now everything is in control hope to be able to in touch now on wards....
    best of luck
  6. anubhav

    anubhav New Member

    Mr.vishal i thnk u dont even knw basics of computer bcoz linux is the safest platform in expectent of any type of attack bcoz in this platrom gud knowledge and platform housing drive is invisible and hence it is also called storeage consuming platform.......:p

Share This Page