Bugtraq mailing list archives
Re: Advisory:Multiple Vulnerabilities in ZoneAlarm
From: Steve <smanzuik () TELUSPLANET NET>
Date: Thu, 21 Dec 2000 11:11:37 -0700
Comments in line with text.
> Unfortunately, ZoneAlarm does not allow its users to maintain a true understanding of their threat level and exposure. Attackers scanning a system employing ZoneAlarm will go unnoticed when using the common Nmap scan types ACK, FIN, Xmas, Window & Null. While these scans do not return lists of open ports to the attacker, the ZoneAlarm user is not aware of the probe or the possibility of attacks being directed against them.

But the scans do not provide any information, so where is the security issue? How is the typical home user at risk by not knowing that someone is scanning them and not receiving any replies?

> In addition, a window of opportunity exists during the boot process, which allows a remote attacker access to shared resources available on the ZoneAlarm protected device. If file sharing is enabled via Windows

Did you actually test this? Granted, Internet connectivity is available at a small point before the Zone Alarm services start, but there is a very small window to be exploited. Not only that, how do you suppose one detects when a Zone Alarm user reboots his machine? Plus, you would have literally seconds (on my machines anyways) to get at the registry. Plus, once Zone Alarm starts, the netbios connection will no longer function and you will not be able to finish any changes you have been making.

> According to the manufacturer, "More than 8 million PC users have downloaded ZoneAlarm", making it a very popular target indeed. Zone Labs has been advised of these vulnerabilities and no patch or work around has been provided.

I don't agree. The window of opportunity is 1.) Very small and 2.) Undetectable. The unreported port scans, while they do not give the user any warning or information, also do not give the attacker any information, so I do not see where the harm is.

Regards;
Steve Manzuik
Moderator - Win2KSecAdvice
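The scan types named in the quoted advisory differ only in the TCP flag bits they set. As an added example (not part of the original post or the advisory), this is one way a defender's logger could flag them from raw TCP headers; the function names, sample segments and addresses are constructed for illustration.

```python
import struct
from collections import Counter
from typing import Optional

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20  # TCP flag bits

def classify_probe(flags: int, known_flow: bool) -> Optional[str]:
    """Name the probe type a segment matches, or None for ordinary traffic."""
    if flags == 0:
        return "null"                 # no flags set: never valid
    if flags == FIN | PSH | URG:
        return "xmas"                 # never valid
    if known_flow:
        return None                   # part of a connection we saw open
    if flags == FIN:
        return "fin"                  # FIN with no connection behind it
    if flags == ACK:
        return "ack/window"           # ACK and Window scans send the same bare ACK
    return None

def detect(segments):
    """segments: iterable of (src_ip, raw 20-byte TCP header).
    Returns {src_ip: Counter of probe types}."""
    flows, alerts = set(), {}
    for src, hdr in segments:
        if len(hdr) < 20:
            continue                  # truncated header, nothing to classify
        sport, dport = struct.unpack("!HH", hdr[:4])
        flags = hdr[13] & 0x3F        # low six bits of byte 13
        key = (src, sport, dport)
        if flags & SYN and not flags & ACK:
            flows.add(key)            # inbound SYN opens a flow
            continue
        probe = classify_probe(flags, key in flows)
        if probe:
            alerts.setdefault(src, Counter())[probe] += 1
    return alerts

def make_header(sport, dport, flags):
    """Build a constructed 20-byte TCP header (seq/ack/checksum zeroed)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

# Constructed sample traffic (documentation addresses, not real captures).
SAMPLE = [
    ("192.0.2.10", make_header(40000, 80, SYN)),      # normal connection opens
    ("192.0.2.10", make_header(40000, 80, ACK)),      # its handshake ACK
    ("198.51.100.7", make_header(50000, 139, 0)),
    ("198.51.100.7", make_header(50000, 139, FIN)),
    ("198.51.100.7", make_header(50000, 139, FIN | PSH | URG)),
    ("198.51.100.7", make_header(50000, 445, ACK)),
]
```

Calling `detect(SAMPLE)` reports only the second source, with one hit for each probe type; the ACK that follows a SYN from the first source is treated as ordinary traffic.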