Bugtraq mailing list archives

Re: Advisory:Multiple Vulnerabilities in ZoneAlarm


From: bacano <bacano () ESOTERICA PT>
Date: Sat, 30 Dec 2000 14:40:46 -0000

Hi2all

The original post of these supposed vulnerabilities didn't give me any
concern since the tiny window here was a little more tiny than the one
reported (no DSL or cable, no win2k or NT), but after it I went to some
tests.
So far, since no other kind of attack was made (yet?), I can say that scans
on port 1080 (tcp) are not detected. I don't have any wingate (or whatever)
running, but many home users that are using ZoneAlarm, or ZoneAlarmPro
(tested version), may have one. Even if they are not vulnerable, they are
losing the chance to detect, log and report some attacks. Since attacks on
1080 are a very well known reality, even if there isn't a chance for a
success of the attacker, this should be logged and reported to the proper
authorities. Users (only) using ZoneAlarm or ZoneAlarm Pro can't do so, then
I suppose there is a(some) real problem(s) here.

Just a note, I didn't 'test myself' using another box, I did put a box
connected on some wild places to see what may happen. A truly lame version
of the Honeypot project I must say, but for the purpose it worked =;o)

[12/29/2000 22:07:03.830 GMT] Connection: xxxxx.xxxxx.xx (xxx.xxx.xxx.xxx) on port 1080 (tcp).
[12/29/2000 22:07:03.830 GMT] Disconnect: xxxxx.xxxxx.xx (xxx.xxx.xxx.xxx) on port 1080 (tcp).
[12/29/2000 22:07:03.830 GMT] Port 1080 (tcp) is now disabled for 60 seconds.
(from 'oldie' NukeNabber, after traffic from untrusted host was detected and
ZoneAlarm shutdown)

[  ]'s bacano


----- Original Message -----
From: "Stephen M. Milton" <milton () ISOMEDIA COM>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: Wednesday, December 27, 2000 6:30 PM
Subject: Re: Advisory:Multiple Vulnerabilities in ZoneAlarm


Whereas I agree it would be desirable for ZoneLabs to fix any notified
vulnerabilities, I share the view that in terms of RISK the issue is of
limited importance until an exploit can be devised that can take advantage
of the theoretical weakness.

This is a terrible idea.  The concept that a bug should not be fixed until
AFTER an exploit has been found and demonstrated is ludicrous.  Security
bugs are especially important to fix BEFORE the exploit has been created.

2cents.

Stephen Milton
Vice President
ISOMEDIA, Inc.


