Topic: ZoneAlarm Flaw Opens Firewalls To E-mail Attack

[Clive]

By TechWeb News

Zone Labs has alerted users that several versions of its personal firewall products are vulnerable to a buffer overflow attack conducted via e-mail that could leave supposedly-protected systems open to malicious code assaults, the company said.

The affected editions include the 4.0 versions of ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro; ZoneAlarm Pro 4.5; and Zone Labs Integrity Client 4.0 and 4.5.

"If successfully exploited, a skilled attacker could cause the firewall to stop processing traffic, execute arbitrary code, or elevate malicious code's privileges," ZoneAlarm said Wednesday in the alert posted on its Web site.

The vulnerability, which was first reported by eEye Digital Security, is caused by an unchecked buffer in Simple Mail Transfer Protocol (SMTP) processing, which could in turn lead to a buffer overflow, said ZoneAlarm. To exploit the vulnerability remotely, the target system must be operating as an SMTP server.

"Zone Labs does not recommend using our client security products to protect servers," the company said. Zone Labs also sells a server-specific firewall under its Integrity line.

ZoneAlarm users were urged to update their software to version 4.5.538.001, while Integrity Client 4.0 and 4.5 users should upgrade to versions 4.0.146.046 and 4.5.085, respectively. More details on the vulnerability and upgrade instructions can be found on the Zone Labs Web site.

http://www.internetweek.com/security02/showArticle.jhtml?articleID=17900009

[Simon]

I have heard of several people having problems with ZA fairly recently.  My suggestion would be to switch to >>  

[chorleydave]

I detest firewalls, but I have managed to tolerate Sygate for over twelve months now, so it must be worth considering.

[Delgado]

I have heard of several people having problems with ZA fairly recently.  My suggestion would be to switch to >>  

    I used to love Sygate Personal Firewall, but after using latest version (the details of latest one I cant remember), I have been unable to get any satisfaction from it. It constantly crashes and shuts down, leaving me unprotected. I have downloaded different copies of it, in case the file was corrupted, but its just the same. I thought it might be something to do with ADSL Broadband, which I have switched to, but any advice would be welcome.


     

[chorleydave]

Hi, Delgado.  I'm using the Pro version and I can't say I've had any crashes.  Are you using the free version or the Pro version?

[Delgado]

Hi, Delgado.  I'm using the Pro version and I can't say I've had any crashes.  Are you using the free version or the Pro version?

   Ive tried both- same problem! It seems to be OK with older versions, but it is no good with updated one. A long time ago I had a Cracked version. Now if I install the Pro Version it picks up the details of registration etc from somewhere-dont know where, because I do countless registry cleans.
   

 

[TR]

Hi, Delgado.  I'm using the Pro version and I can't say I've had any crashes.  Are you using the free version or the Pro version?

   Ive tried both- same problem! It seems to be OK with older versions, but it is no good with updated one. A long time ago I had a Cracked version. Now if I install the Pro Version it picks up the details of registration etc from somewhere-dont know where, because I do countless registry cleans.
   

 

If it was cracked does it mean it was broken   and thats why its picking it up  

[Delgado]

No it dosent mean its broken! Im trying to have a sensible discussion here!

   > >

[Sandra]

Hi Delgado, I assume that the cracked version was a trial version with a patch or a serial number that you added later ?
Some programs that are installed initially as a trial "hide" information all over the place, making it almost impossible to remove all traces of it.
Then when you reinstall it it knows that it has been on your PC before and thinks that you are trying to get an extended trial.
You are then stuck with that until you wipe your drive completely.
I cant understand why its not letting you use the genuine paid for version though, as it should recognise that it isnt an extension of the trial and install as normal  
 

[Simon]

We know what you mean Delgado.    I also have tried both versions (Free / Pro), and I've never managed to find where it hides the registration details either.  Possibly somewhere in a hidden Application Data folder?  Anyway, I have Norton now, but I still preferred Sygate to ZA.

When you say it 'crashed and shuts down', do you get any error messages?  I had a similar problem with one version, but other things were happening as well.  I never did find out what was wrong, but after a format and reinstalling XP, it was fine.  Also, if it does shut down unexpectedly, if you have selected the option for it to do so, it is supposed to automatically block all traffic, so you should still be protected.  The only reason I now use Norton is I had it sitting on a disc, begging to be tried, and as it was just as good as Sygate, I never bothered to switch back.  Once Norton 2003 expires, I don't think I will use 2004, not with this new 'activation' gimic, so I may well look at Sygate again when that time comes.

[Delgado]

Thanks for your comments. Yes the programme that I installed originally came with an activation serial number that I got from a dubious web site. This worked a treat with a trial version download. Then I had the latest update and everything went awol. Now I cant even use the free version unless I go back to an old version. Must be something hidden as you say, anyway coming up for new larger drive installation, so might try again once everything is clean. The message I get is "Sygate Personal Firewall has encountered a problem, and has to close"

     

[Simon]

Some programs can check the authenticity of the licence by 'phoning home'.  Perhaps later versions of Sygate now use this method, and can spot dubious serial numbers, which may be why your version kept crashing?  Might be best to stick to the free version if you install it again.  I think the free version offers as much protection as you need - your Anti Virus software should take care of the rest.