[prev in list] [next in list] [prev in thread] [next in thread]
List: vulnwatch
Subject: [VulnWatch] NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability
From: "Abraham Lincoln" <sunninja () scientist ! com>
Date: 2002-10-16 14:41:04
[Download RAW message or body]
NSSI Technologies Inc Research Labs Security Advisory
http://www.nssolution.com (Philippines / .ph)
"Maximum e-security"
http://nssilabs.nssolution.com
ZoneAlarm Pro 3.1 and 3.0 Denial of Service Vulnerability
Author: Abraham Lincoln Hao / SunNinja
e-Mail: abraham@nssolution.com / SunNinja@Scientist.com
Advisory Code: NSSI-2002-zonealarm3
Tested: Under Win2k Advance Server with SP3 / WinNT 4.0 with SP6a / Win2K \
Professional / WinNT 4.0 workstation
Vendor Status: Zone Labs is already contacted 1 month ago and they informed me that \
they going to release an update or new version to patched the problem. This \
vulnerability is confirmed by the vendor.
Vendors website: http://www.zonelabs.com
Severity: High
Overview:
New ZoneAlarm® Pro delivers twice the security—Zone Labs’ award-winning, \
personal firewall trusted by millions, plus advanced privacy features. the \
award-winning PC firewall that blocks intrusion attempts and protects against \
Internet-borne threats like worms, Trojan horses, and spyware.
ZoneAlarm Pro 3.1 and 3.0 doubles your protection with enhanced Ad Blocking and \
expanded Cookie Control to speed up your Internet experience and stop Web site \
spying. Get protected. Compatible with Microsoft® Windows® 98/Me/NT/2000 and XP.
ZoneAlarm Pro 3.1.291 and 3.0 contains vulnerability that would let the attacker \
consume all your CPU and Memory usage that would result to Denial of Service Attack \
through sending multiple syn packets / synflooding.
Details:
Zone-Labs ZoneAlarm Pro 3.1.291 and 3.0 contains a vulnerability that would let \
the attacker consume all your CPU and Memory usage that would result to Denial of \
Service Attack through Synflooding that would cause the machine to stop from \
responding. Zone-Labs ZoneAlarm Pro 3.1.291 and 3.0 is also vulnerable with IP \
Spoofing. This Vulnerabilities are confirmed from the vendor.
Test diagram:
[*Nix b0x with IP Spoofing scanner / Flooder] <===[10/100mbps switch===> [Host \
with ZoneAlarm]
1] Tested under default install of the 2 versions after sending minimum of 300 Syn \
Packets to port 1-1024 the machine will hang-up until the attack stopped.
2] We configured the ZoneAlarm firewall both version to BLOCK ALL traffic setting \
after sending a minimum of 300 Syn Packets to port 1-1024 the machine will hang-up \
until the attack stopped.
Workaround:
Disable ZoneAlarm and Hardened TCP/IP stack of your windows and Install latest \
Security patch.
Note: To people who's having problem reproducing the vulnerability let me know :)
Any Questions? Suggestions? or Comments? let us know.
e-mail: nssilabs@nssolution.com / abraham@nssolution.com / infosec@nssolution.com
greetings:
nssilabs team, especially to b45h3r and rj45, Most skilled and pioneers of NSSI \
good luck!. (mike@nssolution.com / aaron@nssolution.com), Lawless the saint ;), \
dig0, p1x3l, dc and most of all to my Lorie.
--
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic