Go4Expert

Go4Expert (http://www.go4expert.com/)
-   Ethical hacking Tips (http://www.go4expert.com/articles/ethical-hacking-tutorials/)
-   -   ZoneAlarm Flaw Opens Firewalls To E-mail Attack (http://www.go4expert.com/articles/zonealarm-flaw-firewalls-e-mail-attack-t133/)

vishal sharma 21Aug2004 01:20

ZoneAlarm Flaw Opens Firewalls To E-mail Attack
 
got this from the net .........nice though


Zone Labs has alerted users that several versions of its personal firewall products are vulnerable to a buffer overflow attack conducted via e-mail that could leave supposedly-protected systems open to malicious code assaults, the company said.
The affected editions include the 4.0 versions of ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro; ZoneAlarm Pro 4.5; and Zone Labs Integrity Client 4.0 and 4.5.


"If successfully exploited, a skilled attacker could cause the firewall to stop processing traffic, execute arbitrary code, or elevate malicious code's privileges," ZoneAlarm said Wednesday in the alert posted on its Web site.


The vulnerability, which was first reported by eEye Digital Security, is caused by an unchecked buffer in Simple Mail Transfer Protocol (SMTP) processing, which could in turn lead to a buffer overflow, said ZoneAlarm. To exploit the vulnerability remotely, the target system must be operating as an SMTP server.


"Zone Labs does not recommend using our client security products to protect servers," the company said. Zone Labs also sells a server-specific firewall under its Integrity line.


ZoneAlarm users were urged to update their software to version 4.5.538.001, while Integrity Client 4.0 and 4.5 users should upgrade to versions 4.0.146.046 and 4.5.085, respectively. More details on the vulnerability and upgrade instructions can be found on the Zone Labs Web site.

:cool:
vishal sharma

libervisco 17Sep2004 00:40

Re: ZoneAlarm Flaw Opens Firewalls To E-mail Attack
 
The best firewall you could have is linux.. Wait, i heard that somewhere.. not my thought.. :D
But it's true, be it due to it being an alternative and less of a hacker target or by it's enhanced security (protected root abilities and stuff). Linux is much more secure than windows, and that's the "firewall" or even "antivirus" enough you need. :)

Daniel

vishal sharma 25Jul2005 06:54

Re: ZoneAlarm Flaw Opens Firewalls To E-mail Attack
 
any firewall or antivirus is not safe... the reason y we call linux to be safe is the very fact that the thing was never attacked thats all... the basic flaw in any firewall is its most important need & that is port 80...u can bring any server down by using simple xploitation of this fact....

shabbir 25Jul2005 07:50

Re: ZoneAlarm Flaw Opens Firewalls To E-mail Attack
 
Hello vishal

Its long time seen you here. I hope everything is fine there.

Also
Quote:

any firewall or antivirus is not safe... the reason y we call linux to be safe is the very fact that the thing was never attacked thats all... the basic flaw in any firewall is its most important need & that is port 80...u can bring any server down by using simple xploitation of this fact....
Very much true.

vishal sharma 29Jul2005 18:38

Re: ZoneAlarm Flaw Opens Firewalls To E-mail Attack
 
hey shabbir,

life is good trying to cope up with many things thats y was a bit out of touch....now everything is in control hope to be able to in touch now on wards....
best of luck

anubhav 2Jul2010 17:07

Re: ZoneAlarm Flaw Opens Firewalls To E-mail Attack
 
Mr.vishal i thnk u dont even knw basics of computer bcoz linux is the safest platform in expectent of any type of attack bcoz in this platrom gud knowledge and platform housing drive is invisible and hence it is also called storeage consuming platform.......:p


All times are GMT +5.5. The time now is 19:26.