Full Disclosure mailing list archives
RE: Vulnerability ZoneAlarm Pro 4.5.532.000
From: "John LaCour" <jlacour () zonelabs com>
Date: Thu, 29 Jan 2004 13:07:27 -0800
Zone Labs response concerning a reported Denial of Service vulnerability in ZoneAlarm Pro v4.5.532.

Zone Labs is aware of a reported Denial of Service vulnerability in ZoneAlarm Pro v4.5.532 as reported by Marko Rogge of German-Secure on the Full-Disclosure mailing list on January 28th. We first received this report on Tuesday January 27th.

Zone Labs has reviewed the test results presented by Mr. Rogge and used a similar methodology to try and reproduce his findings. We were unable to do so and, as a result, we do not believe that Mr. Rogge's tests indicate that there are any vulnerabilities in ZoneAlarm Pro or other Zone Labs products.

In our own testing, using similarly configured systems, we do see an increase in CPU utilization at higher packet rates - up to approximately 20%. However, in no cases does the system become unresponsive. Additionally, the firewall continues to perform its job of allowing or denying traffic based on the configured policy.

Zone Labs would also like to point out that the connection speed of 55 Mbps in the test case reported is 50 to 500 times the bandwidth available to a typical broadband user. In real-world scenarios, a user's bandwidth would be exhausted prior to the network traffic having a significant impact on ZoneAlarm Pro.

Additionally, Mr. Rogge and Mixter did not report the results of the system when the ZoneAlarm firewall was not present. At extreme data rates any system's performance will be impaired by a denial of service attack regardless of the presence of ZoneAlarm Pro.

In summary, ZoneAlarm Pro users are not vulnerable to a denial of service attack as a result of using ZoneAlarm Pro, nor can a denial of service attack be used to circumvent ZoneAlarm Pro's protection.

Zone Labs takes security vulnerability issues very seriously and welcomes the opportunity to work with the security community. While we appreciate Mr. Rogge bringing the matter to our attention, we ask that all security researchers contact us at security () zonelabs com (as mentioned in all of our security advisories), and that, in accordance with industry practice, we be given up to 7 days to respond before any issues are disclosed publicly. In all cases, Zone Labs will make every attempt possible to acknowledge the report within 48 hours.

John LaCour
Zone Labs Security Response Team Manager
security () zonelabs com