Zone Labs SMTP Processing Vulnerability
Overview: A security vulnerability exists in specific versions of ZoneAlarm®, ZoneAlarm Pro, ZoneAlarm Plus and the Zone Labs Integrity™ client. This vulnerability is caused by an unchecked buffer in Simple Mail Transfer Protocol (SMTP) processing which could lead to a buffer overflow. In order to exploit the vulnerability without user assistance, the target system must be operating as an SMTP server. Zone Labs does not recommend using our client security products to protect servers.
Upgrading an affected Zone Labs product will remove this vulnerability.
Date Published: February 18, 2004
Last Update: February 18, 2004
Impact: If successfully exploited, a skilled attacker could cause the firewall to stop processing traffic, execute arbitrary code, or elevate malicious code’s privileges.
Zone Labs recommends affected users update their software to the current versions which address the issue.
Affected Products:
ZoneAlarm family of products and Integrity client versions 4.0 and above.
Unaffected Products:
ZoneAlarm and Integrity client versions earlier than 4.0.
Integrity Server and Integrity Clientless Security products are not affected.
Description: Zone Labs desktop security products process SMTP in order to perform various security functions. Due to an unchecked buffer in the SMTP processing system, a skilled attacker could cause the firewall to stop processing traffic or execute arbitrary code.
Successful exploitation requires one of the following scenarios and applies only to SMTP traffic:
A program listening on port 25/TCP (SMTP) of the target system. This condition is usually only present on SMTP servers. Zone Labs does not recommend using our client security products to protect servers.
A malicious program running on the protected system could trigger the buffer overflow and gain SYSTEM privileges if the user or administrator has given it permission to access the network.
In all cases, the program requesting network access must be approved by the user through the Program Control policy.
Recommended Actions: ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro users should upgrade to version: 4.5.538.001.
To update your Zone Labs client product:
Select Overview > Preferences.
In the Check for Updates area, choose an update option.
Automatically: Zone Labs security software automatically notifies you when an update is available.
Manually: You monitor the Status tab for updates. To invoke an update check immediately, click "Check for Update".
Integrity 4.0 users should upgrade to Integrity client version: 4.0.146.046.
Integrity 4.5 users should upgrade to Integrity client version: 4.5.085.
Integrity updates are available on the Zone Labs Enterprise Support web site.
Related Resources:
Zone Labs Security Services
http://www.zonelabs.com/store/content/support/securityUpdate.jsp
Acknowledgments: Zone Labs would like to acknowledge eEye Digital Security for reporting this issue to Zone Labs.
Preuzeto sa sajta ZoneLabs
|