Article

Firewall hole cause for 'Alarm'

Edward Hurley, News Writer

Users of ZoneAlarm personal firewalls are urged to apply an update for a vulnerability in many versions that could allow attackers to increase their system privileges on targeted machines.

The flaw occurs when the firewall is processing Simple Mail Transfer Protocol (SMTP) traffic. ZoneAlarm has deemed it a "medium" risk since only systems that are being run as SMTP servers are affected. The company does not recommend using its products to protect such systems.

Specifically, the flaw is a stack-based buffer overflow in a component that processes the RCPT TO command argument, said an advisory from Aliso Viejo, Calif.-based eEye Digital Security, which discovered the flaw. Attackers can exploit the flaw by sending a particularly large argument to RCPT TP command, which overflows the buffer. If exploited, the vulnerability could cause the firewall to stop processing, increase the attackers' user privileges or run arbitrary code on the system.

Affected versions include:

  • ZoneAlarm 4.0 to 4.5.538.000
  • ZoneAlarm Pro 4.0 to 4.5.538.000
  • ZoneAlarm Plus 4.0 to 4.5.538.000
  • Zone Labs Integrity Client 4.0 to 4.5.084

Users of such systems can click

    Requires Free Membership to View

here for information about patching their products.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: