ZoneAlarm SMTP Service Overflow

2004-02-18T06:46:52
ID OSVDB:3991
Type osvdb
Reporter Riley Hassell(riley@eeye.com)
Modified 2004-02-18T06:46:52

Description

Vulnerability Description

A remote overflow exists in ZoneAlarm. The 'vsmon.exe' program fails to perform proper bounds checking resulting in a buffer overflow. By specifying a overly long argument in the RCPT TO command, a remote attacker can cause arbitrary code execution with SYSTEM privileges resulting in a loss of integrity.

Solution Description

ZoneAlarm, ZoneAlarm Pro, ZoneAlarm Plus users should upgrade to 4.5.594.000 or later. Integrity 4.0 users should upgrade to 4.0.146.046 or later. Integrity 4.5 users should upgrade to 4.5.085 or later. The versions have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in ZoneAlarm. The 'vsmon.exe' program fails to perform proper bounds checking resulting in a buffer overflow. By specifying a overly long argument in the RCPT TO command, a remote attacker can cause arbitrary code execution with SYSTEM privileges resulting in a loss of integrity.

References:

Vendor URL: http://www.zonelabs.com/store/content/home.jsp Security Tracker: 1009131 Secunia Advisory ID:10921 Other Advisory URL: http://download.zonelabs.com/bin/free/securityAlert/8.html Other Advisory URL: http://www.eeye.com/html/Research/Advisories/AD20040219.html ISS X-Force ID: 14991 CVE-2004-0309 CIAC Advisory: o-084 CERT VU: 619982 Bugtraq ID: 9696