NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability
From: Tracker (TheTrackers000REMOVE@yahoo.com)Date: 10/16/02
- Next message: Alec: "Re: Newbie questions"
- Previous message: : "Re: router firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Tracker <TheTrackers000REMOVE@yahoo.com> Date: Wed, 16 Oct 2002 17:08:53 +0400
Subject: NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service
Vulnerability
NSSI Technologies Inc Research Labs Security Advisory
http://www.nssolution.com (Philippines / .ph)
"Maximum e-security"
http://nssilabs.nssolution.com
ZoneAlarm Pro 3.1 and 3.0 Denial of Service Vulnerability
Author: Abraham Lincoln Hao / SunNinja
e-Mail: abraham@nssolution.com / SunNinja@Scientist.com
Advisory Code: NSSI-2002-zonealarm3
Tested: Under Win2k Advance Server with SP3 / WinNT 4.0 with SP6a /
Win2K Professional / WinNT 4.0 workstation
Vendor Status: Zone Labs is already contacted 1 month ago and they
informed me that they going to release an update or new version to
patched the problem. This vulnerability is confirmed by the vendor.
Vendors website: http://www.zonelabs.com
Severity: High
Overview:
New ZoneAlarm® Pro delivers twice the security—Zone Labs’
award-winning, personal firewall trusted by millions, plus advanced
privacy features. the award-winning PC firewall that blocks intrusion
attempts and protects against Internet-borne threats like worms, Trojan
horses, and spyware.
ZoneAlarm Pro 3.1 and 3.0 doubles your protection with enhanced Ad
Blocking and expanded Cookie Control to speed up your Internet
experience and stop Web site spying. Get protected. Compatible with
Microsoft® Windows® 98/Me/NT/2000 and XP.
ZoneAlarm Pro 3.1.291 and 3.0 contains vulnerability that would let
the attacker consume all your CPU and Memory usage that would result to
Denial of Service Attack through sending multiple syn packets /
synflooding.
Details:
Zone-Labs ZoneAlarm Pro 3.1.291 and 3.0 contains a vulnerability
that would let the attacker consume all your CPU and Memory usage that
would result to Denial of Service Attack through Synflooding that would
cause the machine to stop from responding. Zone-Labs ZoneAlarm Pro
3.1.291 and 3.0 is also vulnerable with IP Spoofing. This
Vulnerabilities are confirmed from the vendor.
Test diagram:
[*Nix b0x with IP Spoofing scanner / Flooder] <===[10/100mbps
switch===> [Host with ZoneAlarm]
1] Tested under default install of the 2 versions after sending minimum
of 300 Syn Packets to port 1-1024 the machine will hang-up until the
attack stopped.
2] We configured the ZoneAlarm firewall both version to BLOCK ALL
traffic setting after sending a minimum of 300 Syn Packets to port
1-1024 the machine will hang-up until the attack stopped.
Workaround:
Disable ZoneAlarm and Hardened TCP/IP stack of your windows and
Install latest Security patch.
Note: To people who's having problem reproducing the vulnerability let
me know :)
Any Questions? Suggestions? or Comments? let us know.
e-mail: nssilabs@nssolution.com / abraham@nssolution.com /
infosec@nssolution.com
greetings:
nssilabs team, especially to b45h3r and rj45, Most skilled and
pioneers of NSSI good luck!. (mike@nssolution.com /
aaron@nssolution.com), Lawless the saint ;), dig0, p1x3l, dc and most
of all to my Lorie.
-- __________________________________________________________ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup
- Next message: Alec: "Re: Newbie questions"
- Previous message: : "Re: router firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
