
zonealarmDriver2.txt

Posted Aug 10, 2003
Authored by Corey Bridges | Site zonelabs.com

Response from Corey Bridges of ZoneAlarm regarding the vulnerability originally discovered by Lord YuP in their device driver VSDATANT and the exploit that is circulating for it.

tags | advisory
SHA-256 | 4512058aba60fcf0849c6965870ff987198adc999b4c1041329bc6c2fa605f69

[Hello. I apologize for sending this response to your vulnerability-reporting address, but it doesn't appear that you have a separate address for responses to the alerts you post. This is in response to Lord YuP's report, which he did not inform us of prior to posting. Please don't hesitate to contact me at the contact info below for additional information. Thank you.]



Following is the official Zone Labs response to "Local ZoneAlarm Firewall (probably all versions - tested on v3.1)" originally written by Lord YuP.





Corey Bridges

Chief Editor of E-Communities

Zone Labs, Inc.

(v) 415.341.8355

(f) 415.341.8299



***



Zone Labs response to Device Driver Attack



OVERVIEW: This vulnerability describes a way to send unauthorized commands to a Zone Labs device driver and potentially cause unexpected behavior. This proof-of-concept exploit represents a relatively low risk to Zone Labs users. It is a “secondary” exploit that requires physical access to a machine or circumvention of other security measures included in Zone Labs consumer and enterprise products to exploit. We are working on a fix and will release it within 10 days.



EXPLOIT: The demonstration code is a proof-of-concept example that describes a potential attack against the Zone Labs device driver that is part of the TrueVector client security engine. In the exploit, a malicious application sends unauthorized commands to this device driver. The author also claims that this could potentially compromise system security. While we have verified that unauthorized commands could be sent to the device driver, we have not been able to verify that this exploit can actually affect system security. The code sample published was intentionally incomplete, to prevent malicious hackers from using it.



RISK: We believe that the immediate risk to users from this exploit is low, for several reasons: this is a secondary attack, not a primary vulnerability created or allowed by our product. Successful exploitation of this vulnerability would require bypassing several other layers of protection in our products, including the stealth firewall and/or MailSafe email protection. To our knowledge, there are no examples of malicious software exploiting this vulnerability. Further, the code sample was written specifically to attack ZoneAlarm 3.1, an older version of our software.



SOLUTION: Security for our users is our first concern, and we take reports of this kind seriously. We will be updating our products to address this issue by further strengthening protection for our device driver and will make these updates available in the next 10 days. Registered users who have enabled the "Check for Update" feature in ZoneAlarm, ZoneAlarm Plus, or ZoneAlarm Pro are informed by the software automatically whenever a new software update is released. Zone Labs will provide guidance to Integrity administrators regarding updating their client software.



CONTACT: Zone Labs customers who are concerned about the proof-of-concept Device Driver Attack or have additional technical questions may reach our Technical Support group at: http://www.zonelabs.com/store/content/support/support.jsp



ACKNOWLEDGEMENTS: Zone Labs would like to thank Lord YuP for bringing this issue to our attention. However, we would prefer to be contacted at security@zonelabs.com prior to publication, in order to allow us to address any security issues up front.




