Users of ZoneAlarm personal firewalls are urged to apply an update for a vulnerability in many versions that could allow attackers to increase their system privileges on targeted machines.
The flaw occurs when the firewall is processing Simple Mail Transfer Protocol (SMTP) traffic. ZoneAlarm has deemed it a "medium" risk since only systems that are being run as SMTP servers are affected. The company does not recommend using its products to protect such systems.
Specifically, the flaw is a stack-based buffer overflow in a component that processes the RCPT TO command argument, said an advisory from Aliso Viejo, Calif.-based eEye Digital Security, which discovered the flaw. Attackers can exploit the flaw by sending a particularly large argument to RCPT TP command, which overflows the buffer. If exploited, the vulnerability could cause the firewall to stop processing, increase the attackers' user privileges or run arbitrary code on the system.
Affected versions include:
- ZoneAlarm 4.0 to 4.5.538.000
- ZoneAlarm Pro 4.0 to 4.5.538.000
- ZoneAlarm Plus 4.0 to 4.5.538.000
- Zone Labs Integrity Client 4.0 to 4.5.084