
Thread: ZoneAlarm Pro Vulnerability

#1 pairofhearts (Guest)

    ZoneAlarm Pro Vulnerability

    Affected Software:
    ZoneAlarm Pro 2.x
    ZoneAlarm Pro 3.x
    ZoneAlarm Pro 4.x
    ZoneAlarm Pro 5.x
    ZoneAlarm Pro 6.x

    Matousec has discovered a vulnerability in ZoneAlarm Pro, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

    The vulnerability is caused due to an error in the handling of data sent to the "Device\vsdatant" device. This can be exploited to crash a vulnerable system by sending malformed data to the said device.

    The vulnerability is confirmed in version 6.5.737.000 and also reported in version 6.1.744.001. Other versions may also be affected.

    Solution: Upgrade to version 7.0.302.000 or later.
    http://www.zonealarm.com/store/conte...US&lang=en

    http://secunia.com/advisories/25064/

    Operating System: Windows XP Pro
    Product Name: ZoneAlarm Pro
    Software Version: 7.0
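    The advisory above gives two confirmed-affected builds, a range of affected families (2.x through 6.x) and a single fixed build (7.0.302.000), which is exactly the kind of thing people get wrong when they eyeball a version string such as the "7.0" listed in this post. The script below is an added example, not part of the original thread and not tooling from Secunia, Matousec or ZoneAlarm: it pulls the four-component version strings out of the advisory text, then classifies an installed version string against them. It assumes the installed version string has already been read from the product (the registry or WMI lookup is not shown), and the `ADVISORY` sample is a constructed copy of the advisory wording.

```python
"""Classify an installed ZoneAlarm Pro version against the Secunia advisory
quoted above. Added example; it assumes the version string has already been
obtained from the installed product (that lookup is not shown here)."""

import re
from typing import List, Tuple

# Figures quoted from the advisory in the post above.
FIXED_VERSION = "7.0.302.000"   # "Upgrade to version 7.0.302.000 or later"
AFFECTED_MAJORS = range(2, 7)   # "ZoneAlarm Pro 2.x" through "6.x"

# Constructed sample of the advisory wording, used to show version extraction.
ADVISORY = """The vulnerability is confirmed in version 6.5.737.000 and also
reported in version 6.1.744.001. Other versions may also be affected.
Solution: Upgrade to version 7.0.302.000 or later."""

# Four dotted decimal components; family names like "2.x" are deliberately
# not matched because they carry no build number.
_FULL_VERSION = re.compile(r"\b\d+\.\d+\.\d+\.\d+\b")


def parse_version(text: str) -> Tuple[int, ...]:
    """'6.5.737.000' -> (6, 5, 737, 0). Rejects anything that is not dotted
    decimal so a garbage string cannot silently compare as 'fixed'."""
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def versions_in(advisory: str) -> List[str]:
    """Every four-component version string in advisory prose, in order."""
    return _FULL_VERSION.findall(advisory)


def assess(installed: str) -> str:
    """Classify an installed version string against the advisory.

    Returns one of:
      'affected'   - a listed family (2.x-6.x), or a 7.0 build below the fix
      'fixed'      - 7.0.302.000 or later
      'unknown'    - a string such as '7.0' or '7.0.302' that is a prefix of
                     the fixed build and so cannot be placed relative to it
      'not listed' - a major version the advisory does not mention (below 2);
                     the advisory itself says other versions may be affected
    """
    v = parse_version(installed)
    fixed = parse_version(FIXED_VERSION)
    if v[0] in AFFECTED_MAJORS:
        return "affected"
    if v[0] < AFFECTED_MAJORS.start:
        return "not listed"
    if len(v) < len(fixed) and v == fixed[: len(v)]:
        return "unknown"          # build number missing, e.g. plain "7.0"
    # Tuple comparison is lexicographic: (7,0,301,999) < (7,0,302,0) and
    # (7,1) > (7,0,302,0), which is the ordering the advisory implies.
    return "fixed" if v >= fixed else "affected"


if __name__ == "__main__":
    for ver in versions_in(ADVISORY) + ["7.0", "7.0.301.999", "8.0.0.0"]:
        print(f"{ver:>12}: {assess(ver)}")
```

    The 'unknown' result is the important one: "7.0" on its own, as in the Software Version line of this post, says nothing about whether the 302 build is installed, and a naive compare would call it either fixed or affected depending on how the tuple was padded.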

#2 (Join Date: Dec 2002; Location: Mikado Michigan; Posts: 2,596)

    Re: ZoneAlarm Pro Vulnerability

    I don't know how others feel about Matousec, but they don't give me a warm fuzzy. Most groups that look for security flaws tell the world for nothing. Matousec keeps both the exact flaw and the testing methods totally private, thus not allowing anyone to duplicate the fault. And what is even more reprehensible in my opinion is that they don't even say you have to be physically present to take advantage of this vulnerability. It is akin to warning ATM users that others are able to get their PIN numbers from an ATM, but then not telling them that the person has to have a camera viewing the keypad, or be looking over their shoulder.
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

#3 (Join Date: Jun 2006; Location: The 3rd Coast - South Central Texas; Posts: 10,465)

    Re: ZoneAlarm Pro Vulnerability

    Don't believe everything you read, especially from those that don't tell you how they came to the conclusions that they claim.
    GeorgeV
    ZoneAlarm® Extreme Security


    Click here for ZA Support
    Monday-Saturday__ 6am to 10pm Central time
    Closed Sundays and Holidays

#4 watcher (Guest)

    Re: ZoneAlarm Pro Vulnerability

    Dear Hoov:

    Dissemination of vulnerabilities prior to a "fix" used to be the norm, but malicious hackers have been able to shorten the time interval between discovery and exploitation of the vulnerability to the point that they can carry out attacks before the software publisher issues the patch, so that computer networks are more vulnerable than ever. 3COM now sponsors the Zero Day Initiative (ZDI), which offers payment to security researchers to withhold dissemination of the vulnerability until the publisher of the software can issue a patch. 3COM, in return, can develop their own definitions for their TippingPoint IPS appliances. Is it a perfect method? No. However, it is better than a zero-day attack.

    In the past, we've had attacks similar in scope because the system administrators did not keep up with the patches for these vulnerabilities, and the result was that many networks were crippled. I personally witnessed the Blaster worm in action. It took out our WAN quickly, and after telling us to keep rebooting for 2 hours straight (I still laugh about that one), the IT department finally figured out the problem and all of us went home early so they could push the patch to all workstations. Nowadays, to ignore patch management is to commit career suicide. Microsoft's "Patch Tuesday" mentality affirms that they are not serious about security, so, as the company with the largest user base for operating systems, they are practically inviting hackers to attack them.

    I do agree with you that, in cases where a hacker must have physical access to the computer in order to carry out the exploit, that fact should be disseminated and distinguished from those which can be done remotely. However, I believe the details about how to perform the attack need to be kept secret until the patch is published.
    I'm sure 3COM does not issue payments until their people have reviewed and tested the security researcher's findings.

    Anyway, that's my opinion.

    WATCHER

#5 (Join Date: Dec 2002; Location: Mikado Michigan; Posts: 2,596)

    Re: ZoneAlarm Pro Vulnerability

    It's one thing not to let hackers know, but it's a totally different ball of yarn when you won't even let the software writers know how you came to a vulnerability, or the exact nature of it, unless you cough up money.

#6 watcher (Guest)

    Re: ZoneAlarm Pro Vulnerability

    Dear Hoov:

    You have a point, but the more people that know about it, the greater the probability that the "secret" gets out. Also, there are malicious hackers out there with programming skills equal to or greater than the ones that write software for legitimate purposes (and they may have worked for software companies before choosing the other side). Unless you are well known in your field, it becomes a judgement call whether or not to give out that info. There is another factor as well: secondary dissemination. You tell me the "secret", I tell someone else, he tells someone else, and somewhere down the "chain of trust" a malicious hacker gets ahold of the info. He writes a malicious program to exploit the vulnerability or just publishes it on the Internet for all hackers to see and use. I'm talking of potential attacks that can cripple networks and cost millions of dollars in lost revenue and downtime for the affected companies. Gov't enforcement agencies get involved. Maybe they get lucky and trace the information transfer back to you. What then? Even if you aren't held criminally liable, where do you think your career will be when the incident turns up on CNN? Granted, this is a worst-case scenario, but that's what a zero-day attack has the potential to do. There is also the issue of a nondisclosure agreement that security researchers probably sign, either with their company or, if independent, with 3COM if they participate in their ZDI program. Violating this agreement could definitely get you a new domicile at the graybar motel.

    WATCHER
