Symptoms

www.matousec.com has published a new technique for evading OS firewall protections.

The attack is described in http://www.matousec.com/info/article...y-software.php and in http://www.securityfocus.com/bid/39924/


Cause

A race condition attack that evades access control checks by substituting system call arguments.


Solution

ZoneAlarm Extreme Security 9.1.507.000 was reported to be vulnerable. However, ZoneAlarm has a protection against this type of attack.
To enable this protection ("Off" by Default), proceed as follows:

Launch the ZoneAlarm extreme Security GUI.
Select the "Program Control" menu item.
Under "Program Control", click "Custom". The "Custom Program Control Settings" popup appears.
Access the "Program Control" tab, and select "Advanced Control".
Select "Enable Timing Attack Prevention".