Re: NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability
From: REMOVE (@yahoo.com)
Date: 12/20/02
From: Tracker <"trackers(REMOVE)"@yahoo.com>
Date: Sat, 21 Dec 2002 00:14:28 +0300
Tracker wrote:
> Subject: NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service
> Vulnerability
>
> NSSI Technologies Inc Research Labs Security Advisory
>
> http://www.nssolution.com (Philippines / .ph)
>
> "Maximum e-security"
>
> http://nssilabs.nssolution.com
>
> ZoneAlarm Pro 3.1 and 3.0 Denial of Service Vulnerability
>
> Author: Abraham Lincoln Hao / SunNinja
>
> e-Mail: abraham@nssolution.com / SunNinja@Scientist.com
>
> Advisory Code: NSSI-2002-zonealarm3
>
> Tested: Under Win2k Advanced Server with SP3 / WinNT 4.0 with SP6a /
> Win2K Professional / WinNT 4.0 Workstation
>
> Vendor Status: Zone Labs was contacted 1 month ago and they
> informed me that they are going to release an update or new version to
> patch the problem. This vulnerability is confirmed by the vendor.
>
> Vendors website: http://www.zonelabs.com
>
> Severity: High
>
> Overview:
>
> New ZoneAlarm® Pro delivers twice the security—Zone Labs’
> award-winning, personal firewall trusted by millions, plus advanced
> privacy features. The award-winning PC firewall that blocks intrusion
> attempts and protects against Internet-borne threats like worms, Trojan
> horses, and spyware.
>
> ZoneAlarm Pro 3.1 and 3.0 doubles your protection with enhanced Ad
> Blocking and expanded Cookie Control to speed up your Internet
> experience and stop Web site spying. Get protected. Compatible with
> Microsoft® Windows® 98/Me/NT/2000 and XP.
>
> ZoneAlarm Pro 3.1.291 and 3.0 contain a vulnerability that would let
> the attacker consume all your CPU and memory, which would result in a
> Denial of Service attack through sending multiple SYN packets /
> SYN flooding.
>
> Details:
>
> Zone-Labs ZoneAlarm Pro 3.1.291 and 3.0 contain a vulnerability
> that would let the attacker consume all your CPU and memory, which
> would result in a Denial of Service attack through SYN flooding that would
> cause the machine to stop responding. Zone-Labs ZoneAlarm Pro
> 3.1.291 and 3.0 are also vulnerable to IP spoofing. These
> vulnerabilities are confirmed by the vendor.
>
> Test diagram:
>
> [*Nix b0x with IP Spoofing scanner / Flooder] <===[10/100mbps
> switch]===> [Host with ZoneAlarm]
>
> 1] Tested under default install of the 2 versions: after sending a minimum
> of 300 SYN packets to ports 1-1024, the machine will hang until the
> attack is stopped.
>
> 2] We configured the ZoneAlarm firewall, both versions, to the BLOCK ALL
> traffic setting: after sending a minimum of 300 SYN packets to ports
> 1-1024, the machine will hang until the attack is stopped.
>
> Workaround:
>
> Disable ZoneAlarm, harden the TCP/IP stack of your Windows and
> install the latest security patch.
>
> Note: To people who are having problems reproducing the vulnerability, let
> me know :)
>
> Any Questions? Suggestions? or Comments? let us know.
>
> e-mail: nssilabs@nssolution.com / abraham@nssolution.com /
> infosec@nssolution.com
>
> greetings:
> nssilabs team, especially to b45h3r and rj45, Most skilled and
> pioneers of NSSI good luck!. (mike@nssolution.com /
> aaron@nssolution.com), Lawless the saint ;), dig0, p1x3l, dc and most
> of all to my Lorie.
Thanks for providing me with the above information. NOW I KNOW WHO STOLE MY
YAHOO PASSWORD!
TRACKER
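
A detection-side illustration of the condition the quoted advisory describes (at least 300 SYN packets to ports 1-1024), as an added example that is not part of the advisory or of this post. The log line format `epoch src dst dport flags` and all addresses are constructed for the example, and the 10-second window is an assumption; counting is keyed on the destination host because the advisory states the sources can be spoofed.

```python
from collections import defaultdict, deque

def parse(line):
    """Parse 'epoch src dst dport flags' (constructed format, not a real product's log)."""
    ts, src, dst, dport, flags = line.split()
    return float(ts), src, dst, int(dport), flags

def syn_bursts(lines, threshold=300, window=10.0, ports=(1, 1024)):
    """Return {dst: (peak SYN count in any window, distinct sources seen)} for
    destinations that received >= threshold bare SYNs to `ports` within `window` s.
    Keyed on destination because spoofed sources make per-source counts useless."""
    recent = defaultdict(deque)   # dst -> timestamps of SYNs still inside the window
    sources = defaultdict(set)    # dst -> source addresses seen (possibly spoofed)
    peak = defaultdict(int)       # dst -> largest window population observed
    for ts, src, dst, dport, flags in sorted(map(parse, lines)):
        if flags != "S" or not ports[0] <= dport <= ports[1]:
            continue              # only bare SYNs to the port range under test
        q = recent[dst]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop SYNs that fell out of the sliding window
        sources[dst].add(src)
        peak[dst] = max(peak[dst], len(q))
    return {d: (n, len(sources[d])) for d, n in peak.items() if n >= threshold}

def sample_log():
    """Constructed sample: 300 SYNs in 3 s at one host, plus light normal traffic."""
    lines = [f"{1000 + i * 0.01:.2f} 198.51.100.{i % 250 + 1} 192.0.2.10 {i + 1} S"
             for i in range(300)]
    lines += [f"{1000 + i} 203.0.113.5 192.0.2.20 80 S" for i in range(5)]
    lines += [f"{1000 + i} 203.0.113.5 192.0.2.20 80 A" for i in range(5)]
    lines.append("1001.50 203.0.113.9 192.0.2.10 8080 S")  # outside ports 1-1024
    return lines

if __name__ == "__main__":
    for dst, (count, srcs) in syn_bursts(sample_log()).items():
        print(f"{dst}: {count} SYNs within window from {srcs} distinct sources")
```
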