ZoneAlarm Flaw Opens Firewalls To E-mail Attack

vishal sharma's Avatar author of ZoneAlarm Flaw Opens Firewalls To E-mail Attack
This is an article on ZoneAlarm Flaw Opens Firewalls To E-mail Attack in Ethical hacking Tips.
got this from the net .........nice though


Zone Labs has alerted users that several versions of its personal firewall products are vulnerable to a buffer overflow attack conducted via e-mail that could leave supposedly-protected systems open to malicious code assaults, the company said.
The affected editions include the 4.0 versions of ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro; ZoneAlarm Pro 4.5; and Zone Labs Integrity Client 4.0 and 4.5.


"If successfully exploited, a skilled attacker could cause the firewall to stop processing traffic, execute arbitrary code, or elevate malicious code's privileges," ZoneAlarm said Wednesday in the alert posted on its Web site.


The vulnerability, which was first reported by eEye Digital Security, is caused by an unchecked buffer in Simple Mail Transfer Protocol (SMTP) processing, which could in turn lead to a buffer overflow, said ZoneAlarm. To exploit the vulnerability remotely, the target system must be operating as an SMTP server.


"Zone Labs does not recommend using our client security products to protect servers," the company said. Zone Labs also sells a server-specific firewall under its Integrity line.


ZoneAlarm users were urged to update their software to version 4.5.538.001, while Integrity Client 4.0 and 4.5 users should upgrade to versions 4.0.146.046 and 4.5.085, respectively. More details on the vulnerability and upgrade instructions can be found on the Zone Labs Web site.


vishal sharma
0
libervisco's Avatar
Go4Expert Member
The best firewall you could have is linux.. Wait, i heard that somewhere.. not my thought..
But it's true, be it due to it being an alternative and less of a hacker target or by it's enhanced security (protected root abilities and stuff). Linux is much more secure than windows, and that's the "firewall" or even "antivirus" enough you need.

Daniel
0
vishal sharma's Avatar, Join Date: Jul 2004
Ambitious contributor
any firewall or antivirus is not safe... the reason y we call linux to be safe is the very fact that the thing was never attacked thats all... the basic flaw in any firewall is its most important need & that is port 80...u can bring any server down by using simple xploitation of this fact....
0
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
Hello vishal

Its long time seen you here. I hope everything is fine there.

Also
Quote:
any firewall or antivirus is not safe... the reason y we call linux to be safe is the very fact that the thing was never attacked thats all... the basic flaw in any firewall is its most important need & that is port 80...u can bring any server down by using simple xploitation of this fact....
Very much true.
0
vishal sharma's Avatar, Join Date: Jul 2004
Ambitious contributor
hey shabbir,

life is good trying to cope up with many things thats y was a bit out of touch....now everything is in control hope to be able to in touch now on wards....
best of luck
0
anubhav's Avatar, Join Date: Jul 2010
Newbie Member
Mr.vishal i thnk u dont even knw basics of computer bcoz linux is the safest platform in expectent of any type of attack bcoz in this platrom gud knowledge and platform housing drive is invisible and hence it is also called storeage consuming platform.......