1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Bypassing ZoneAlarm

Discussion in 'Security and Privacy' started by Admin., 2003/06/30.

Thread Status:
Not open for further replies.
  1. 2003/06/30
    Admin.

    Admin. Administrator Administrator Staff Thread Starter

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    A recent post on Bugtraq has revealed a serious flaw in the core design of the freely-available personal firewall ZoneAlarm running on MS Windows. Thanks to the Win32 ShellExecute function in Windows, ZoneAlarm could theoretically be tweaked into opening an unsecured Internet connection and leaking information into web servers anywhere.

    Bugtraq
     
    Admin.,
    #1
  2. 2003/06/30
    dmz1967

    dmz1967 Inactive

    Joined:
    2002/04/13
    Messages:
    82
    Likes Received:
    0
    Thanks for the info!!
     
    dmz1967,
    #2


  3. to hide this advert.

  4. 2003/07/03
    mr.mark

    mr.mark Inactive

    Joined:
    2002/08/02
    Messages:
    491
    Likes Received:
    0
    from IGGY, Team Z member, posted to the dslreports security forum....

    Zonelabs WILL fix "hole" in free firewall

    "Regarding the "ShellExecute" vulnerability recently reported at BugTraq, Zone Labs will make a fix for its free ZoneAlarm product available in the next two weeks. In the meantime, users of ZoneAlarm should keep in mind the following facts:

    - This vulnerability has not been exploited to our knowledge.

    - This vulnerability requires that a malicious application is running on the affected PC. For this to occur, an attacker would have to break through the other protection layers of ZoneAlarm (firewall, stealth mode etc.) as a first step. "

    hth

    :)

    mark
     
    mr.mark,
    #3
  5. 2003/07/19
    mr.mark

    mr.mark Inactive

    Joined:
    2002/08/02
    Messages:
    491
    Likes Received:
    0
    from the same source....

    coming next week, a new version of ZoneAlarm 3.7, which is the free version (the paid versions are in the 4.0 build series now, or so i'm told)

    this new release will address the vulnerability that many of the security forums and news media were talking about a couple of weeks ago... the so-called "shell-exploit" reported at BugTraq

    hth

    :)

    mark
     
    mr.mark,
    #4
  6. 2003/07/23
    mr.mark

    mr.mark Inactive

    Joined:
    2002/08/02
    Messages:
    491
    Likes Received:
    0
    as promised...

    New and improved features in ZoneAlarm version 3.7.202

    Added functionality to defeat so-called "shell exploit"

    download
    here

    :)

    mark
     
    Last edited: 2003/07/23
    mr.mark,
    #5
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...