what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ZL04-008.txt

ZL04-008.txt
Posted Feb 19, 2004
Site zonelabs.com

A security vulnerability exists in specific versions of ZoneAlarm,ZoneAlarm Pro, ZoneAlarm Plus and the Zone Labs Integrity client. This vulnerability is caused by an unchecked buffer in Simple Mail Transfer Protocol (SMTP) processing which could lead to a buffer overflow. In order to exploit the vulnerability without user assistance, the target system must be operating as an SMTP server.

tags | advisory, overflow, protocol
SHA-256 | a51d268547556e424ab64f13858af48698b174a1963e715659d2179f18b08318

ZL04-008.txt

Change Mirror Download
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Zone Labs Security Advisory ZL04-008
Zone Labs SMTP Processing Vulnerability

Date Published February 18, 2004
Date Last Revised February 18, 2004

Severity Medium


Overview
========

A security vulnerability exists in specific versions of ZoneAlarm,
ZoneAlarm Pro, ZoneAlarm Plus and the Zone Labs Integrity client.
This vulnerability is caused by an unchecked buffer in Simple Mail
Transfer Protocol (SMTP) processing which could lead to a buffer
overflow. In order to exploit the vulnerability without user
assistance, the target system must be operating as an SMTP server.
Zone Labs does not recommend using our client security products to
protect servers.

Upgrading an affected Zone Labs product will remove this
vulnerability.

Impact
======

If successfully exploited, a skilled attacker could cause the
firewall to stop processing traffic, execute arbitrary code, or
elevate malicious code's privileges.

Zone Labs recommends affected users update their software to the
current versions which address the issue.

Affected Products
* ZoneAlarm family of products and Integrity client versions
4.0 and above

Unaffected Products
* ZoneAlarm and Integrity client versions earlier than 4.0

Integrity Server and Integrity Clientless Security products are not
affected.

Description
===========

Zone Labs desktop security products process SMTP in order to perform
various security functions. Due to an unchecked buffer in the SMTP
processing system, a skilled attacker could cause the firewall to
stop processing traffic or execute arbitrary code.

Successful exploitation requires one of the following scenarios and
applies only to SMTP traffic:

* A program listening on port 25/TCP (SMTP) of the target system.
This condition is usually only present on SMTP servers.
Zone Labs does not recommend using our client security products
to protect servers.

* A malicious program running on the protected system could
trigger the buffer overflow and gain SYSTEM privileges if the
user or administrator has given it permission to access the
network.

In all cases, the program requesting network access must be approved
by the user through the Program Control policy.

Recommended Actions
===================

ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro users should upgrade to
version: 4.5.538.001

To update your Zone Labs client product:

1. Select Overview | Preferences.

2. In the Check for Updates area, choose an update option.

Automatically: Zone Labs security software automatically notifies
you when an update is available.

Manually: You monitor the Status tab for updates. To invoke an
update check immediately, click Check for Update.

Integrity 4.0 users should upgrade to Integrity client version:
4.0.146.046

Integrity 4.5 users should upgrade to Integrity client version:
4.5.085

Integrity updates are available on the Zone Labs Enterprise Support
web site.

Related Resources
=================

* Zone Labs Security Services:

http://www.zonelabs.com/store/content/support/securityUpdate.jsp

Acknowledgments
===============

Zone Labs would like to acknowledge eEye Digital Security for
reporting this issue to Zone Labs.

Contact
=======

Zone Labs customers who are concerned about this vulnerabilities or
have additional technical questions may reach our Technical Support
group at: http://www.zonelabs.com/support/

To report security issues with Zone Labs products contact:
security@zonelabs.com

Disclaimer
==========

The information in the advisory is believed to be accurate at the
time of publishing based on currently available information. Use of
the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the
author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or
reliance on, this information. Zone Labs and Zone Labs products, are
registered trademarks of Zone Labs Incorporated and/or affiliated
companies in the United States and other countries. All other
registered and unregistered trademarks represented in this document
are the sole property of their respective companies/owners.

Copyright
=========

2004 Zone Labs, Inc. All rights reserved. Zone Labs, TrueVector,
ZoneAlarm, and Cooperative Enforcement are registered trademarks of
Zone Labs, Inc. The Zone Labs logo, Zone Labs Integrity and IMsecure
are trademarks of Zone Labs, Inc. Zone Labs Integrity protected under
U.S. Patent No. 5,987,611. Reg. U.S. Pat. & TM Off. Cooperative
Enforcement is a service mark of Zone Labs, Inc. All other trademarks
are the property of their respective owners.

Permission to redistribute this alert electronically is granted as
long as it is not edited in any way unless authorized by Zone Labs.
Reprinting the whole or part of this alert in any medium other than
electronically requires permission from Zone Labs.

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBQDQEQFDxXw2Is3mLEQLU8gCggqFKIurmeuyl6JQVslFXeP7QFxAAnRnt
jDZGXRzVYVe4glFzXf80lSx/
=3tRs
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close