Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2018 Tenable Network Security, Inc.ZONE_ALARM_LOCAL_DOS.NASL
HistorySep 15, 2004 - 12:00 a.m.

ZoneAlarm Pro Configuration File/Directory Permission Weakness DoS

2004-09-1500:00:00
This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
www.tenable.com
18

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

EPSS

0

Percentile

5.1%

JSON

This host is running a version of ZoneAlarm Pro that contains a flaw which may allow a local denial of service. To exploit this flaw, an attacker would need to tamper with the files located in %windir%/Internet Logs. An attacker may modify them and prevent ZoneAlarm from starting up properly.

#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(14726);
 script_version("1.17");

 script_cve_id("CVE-2004-2713");

 script_name(english:"ZoneAlarm Pro Configuration File/Directory Permission Weakness DoS");

 script_set_attribute(attribute:"synopsis", value:
"This host is running a firewall with a denial of service vulnerability." );
 script_set_attribute(attribute:"description", value:
"This host is running a version of ZoneAlarm Pro that contains a flaw which may
allow a local denial of service. To exploit this flaw, an attacker would need
to tamper with the files located in %windir%/Internet Logs. An attacker may
modify them and prevent ZoneAlarm from starting up properly." );
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/fulldisclosure/2004/Aug/911");
 script_set_attribute(attribute:"solution", value:
"Upgrade to the latest version of this software." );
 script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
 script_cwe_id(264);

 script_set_attribute(attribute:"plugin_publication_date", value: "2004/09/15");
 script_set_attribute(attribute:"vuln_publication_date", value: "2004/08/20");
 script_cvs_date("Date: 2018/11/15 20:50:22");
script_set_attribute(attribute:"plugin_type", value:"local");
script_end_attributes();

 
 script_summary(english:"Check ZoneAlarm Pro version");
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
 script_family(english:"Firewalls");
 script_dependencies("smb_hotfixes.nasl");
 script_require_keys("SMB/Registry/Enumerated");
 script_require_ports(139, 445);
 exit(0);
}


if ( ! get_kb_item("SMB/Registry/Enumerated") ) exit(1);

key = "SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/ZoneAlarm Pro/DisplayName";
key2 = "SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/ZoneAlarm Pro/DisplayVersion";

if (get_kb_item (key))
{
 version = get_kb_item (key2);
 if (version)
 {
  set_kb_item (name:"zonealarm/version", value:version);

  if(ereg(pattern:"[1-4]\.|5\.0\.|5\.1\.", string:version))
  {
   security_warning(0);
  }
 }
}

Related

nvd 1
openvas 2
cvelist 1
cve 1
nvd
nvd
CVE-2004-2713
2004-12-31 05:00:00
openvas
openvas
ZoneAlarm Pro Local DoS Vulnerability (CVE-2004-2713)
2005-11-03 00:00:00
ZoneAlarm Pro local DoS
2005-11-03 00:00:00
cvelist
cvelist
CVE-2004-2713
2007-10-06 21:00:00
cve
cve
CVE-2004-2713
2007-10-06 21:00:00

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

EPSS

0

Percentile

5.1%

JSON
Related for ZONE_ALARM_LOCAL_DOS.NASL
nvd1openvas2cvelist1cve1