Firewall hole cause for 'Alarm'

Users of ZoneAlarm personal firewalls should apply a patch to seal a hole in many versions that could allow attackers to increase their system privileges.

Users of ZoneAlarm personal firewalls are urged to apply an update for a vulnerability in many versions that could allow attackers to increase their system privileges on targeted machines.

The flaw occurs when the firewall is processing Simple Mail Transfer Protocol (SMTP) traffic. ZoneAlarm has deemed it a "medium" risk since only systems that are being run as SMTP servers are affected. The company does not recommend using its products to protect such systems.

Specifically, the flaw is a stack-based buffer overflow in a component that processes the RCPT TO command argument, said an advisory from Aliso Viejo, Calif.-based eEye Digital Security, which discovered the flaw. Attackers can exploit the flaw by sending a particularly large argument to RCPT TP command, which overflows the buffer. If exploited, the vulnerability could cause the firewall to stop processing, increase the attackers' user privileges or run arbitrary code on the system.

Affected versions include:

  • ZoneAlarm 4.0 to 4.5.538.000
  • ZoneAlarm Pro 4.0 to 4.5.538.000
  • ZoneAlarm Plus 4.0 to 4.5.538.000
  • Zone Labs Integrity Client 4.0 to 4.5.084

Users of such systems can click here for information about patching their products.

Dig deeper on Network Firewalls, Routers and Switches

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close