1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

ZoneAlarm Flaw Opens Firewalls To E-mail Attack

Discussion in 'Ethical hacking Tips' started by vishal sharma, Aug 20, 2004.

  1. vishal sharma

    vishal sharma New Member

    Joined:
    Jul 23, 2004
    Messages:
    106
    Likes Received:
    6
    Trophy Points:
    0
    got this from the net .........nice though


    Zone Labs has alerted users that several versions of its personal firewall products are vulnerable to a buffer overflow attack conducted via e-mail that could leave supposedly-protected systems open to malicious code assaults, the company said.
    The affected editions include the 4.0 versions of ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro; ZoneAlarm Pro 4.5; and Zone Labs Integrity Client 4.0 and 4.5.


    "If successfully exploited, a skilled attacker could cause the firewall to stop processing traffic, execute arbitrary code, or elevate malicious code's privileges," ZoneAlarm said Wednesday in the alert posted on its Web site.


    The vulnerability, which was first reported by eEye Digital Security, is caused by an unchecked buffer in Simple Mail Transfer Protocol (SMTP) processing, which could in turn lead to a buffer overflow, said ZoneAlarm. To exploit the vulnerability remotely, the target system must be operating as an SMTP server.


    "Zone Labs does not recommend using our client security products to protect servers," the company said. Zone Labs also sells a server-specific firewall under its Integrity line.


    ZoneAlarm users were urged to update their software to version 4.5.538.001, while Integrity Client 4.0 and 4.5 users should upgrade to versions 4.0.146.046 and 4.5.085, respectively. More details on the vulnerability and upgrade instructions can be found on the Zone Labs Web site.

    :cool:
    vishal sharma
     
  2. libervisco

    libervisco New Member

    Joined:
    Aug 22, 2004
    Messages:
    37
    Likes Received:
    0
    Trophy Points:
    0
    The best firewall you could have is linux.. Wait, i heard that somewhere.. not my thought.. :D
    But it's true, be it due to it being an alternative and less of a hacker target or by it's enhanced security (protected root abilities and stuff). Linux is much more secure than windows, and that's the "firewall" or even "antivirus" enough you need. :)

    Daniel
     
  3. vishal sharma

    vishal sharma New Member

    Joined:
    Jul 23, 2004
    Messages:
    106
    Likes Received:
    6
    Trophy Points:
    0
    any firewall or antivirus is not safe... the reason y we call linux to be safe is the very fact that the thing was never attacked thats all... the basic flaw in any firewall is its most important need & that is port 80...u can bring any server down by using simple xploitation of this fact....
     
  4. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,285
    Likes Received:
    364
    Trophy Points:
    83
    Hello vishal

    Its long time seen you here. I hope everything is fine there.

    Also
    Very much true.
     
  5. vishal sharma

    vishal sharma New Member

    Joined:
    Jul 23, 2004
    Messages:
    106
    Likes Received:
    6
    Trophy Points:
    0
    hey shabbir,

    life is good trying to cope up with many things thats y was a bit out of touch....now everything is in control hope to be able to in touch now on wards....
    best of luck
     
  6. anubhav

    anubhav New Member

    Joined:
    Jul 2, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    0
    Mr.vishal i thnk u dont even knw basics of computer bcoz linux is the safest platform in expectent of any type of attack bcoz in this platrom gud knowledge and platform housing drive is invisible and hence it is also called storeage consuming platform.......:p
     

Share This Page