Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Advisory:Multiple Vulnerabilities in ZoneAlarm

From: "Chris St. Clair" <chris_stclair () HOTMAIL COM>
Date: Wed, 3 Jan 2001 01:52:48 -0000
Whereas I agree it would be desirable for ZoneLabs to fix any >notified
vulnerabilities, I share the view that in terms of RISK the >issue is of
limited importance until an exploit can be devised that >can take advantage
of the theoretical weakness.


As one of the people that found this problem, I can tell you
that during the testing of this issue with ZoneAlarm we developed
methods to exploit it with ~ 85% reliability.

Agreed, there are a lot of things that have to go "just right" in
order to be able to pull it off successfully. And it's also agreed
that the risk level is relatively low. However, the point stands
that there are other products out there that have similar
functionality but do not exhibit the same weaknesses as ZoneAlarm.

-chris

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com
Previous By Date Next
Previous By Thread Next

Current thread: