ZoneAlarm Personal Firewall UDP Source Port 53 Bypass

2000-04-20T00:00:00
ID OSVDB:4745
Type osvdb
Reporter Wally Whacker (whacker@hackerwhacker.com)
Modified 2000-04-20T00:00:00

Description

Vulnerability Description

ZoneAlarm contains a flaw that may allow a remote attacker to bypass the ruleset. The issue is due to ZoneAlarm not monitoring or alerting on UDP traffic with a source port of 53. This allows an attacker to bypass the firewall and reach protected hosts without setting off warnings on the firewall.
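
The flaw class described above is trust based on source port alone. As an added example (not code from ZoneAlarm or from the original advisory), the Python below contrasts a source-port-only rule with stateful matching of inbound port-53 datagrams against recent outbound DNS queries; the flow-log format, the 30-second state timeout, the sample addresses and all function names are assumptions made for illustration.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "ts direction src sport dst dport")

STATE_TIMEOUT = 30.0  # assumed lifetime of UDP state, in seconds

# Constructed UDP flow log (not from the advisory):
# "<ts> <in|out> <src>:<sport> <dst>:<dport>"
SAMPLE_LOG = """\
1.00 out 192.0.2.10:1045 198.51.100.53:53
1.05 in 198.51.100.53:53 192.0.2.10:1045
2.00 in 203.0.113.7:53 192.0.2.10:5000
3.00 in 198.51.100.53:53 192.0.2.10:1045
40.00 out 192.0.2.10:1046 198.51.100.53:53
80.00 in 198.51.100.53:53 192.0.2.10:1046
"""

def parse(log):
    """Turn the constructed log format into Packet tuples."""
    packets = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, direction, src, dst = line.split()
        s_ip, s_port = src.rsplit(":", 1)
        d_ip, d_port = dst.rsplit(":", 1)
        packets.append(Packet(float(ts), direction, s_ip, int(s_port), d_ip, int(d_port)))
    return packets

def port_only_rule(pkt):
    """Flawed logic: any inbound datagram from source port 53 is trusted."""
    return pkt.direction == "in" and pkt.sport == 53

def unsolicited_port53(packets, timeout=STATE_TIMEOUT):
    """Inbound source-port-53 datagrams with no matching recent outbound query."""
    queries = {}  # (local_ip, local_port, server_ip) -> time of last query
    flagged = []
    for pkt in sorted(packets, key=lambda p: p.ts):
        if pkt.direction == "out" and pkt.dport == 53:
            queries[(pkt.src, pkt.sport, pkt.dst)] = pkt.ts
        elif pkt.direction == "in" and pkt.sport == 53:
            asked = queries.get((pkt.dst, pkt.dport, pkt.src))
            if asked is None or pkt.ts - asked > timeout:
                flagged.append(pkt)
    return flagged

if __name__ == "__main__":
    for pkt in unsolicited_port53(parse(SAMPLE_LOG)):
        print(f"ALERT unsolicited UDP {pkt.src}:53 -> {pkt.dst}:{pkt.dport} t={pkt.ts}")
```

All four inbound datagrams in the sample pass the port-only rule, while the stateful check flags the two that do not answer a recent query from the protected host.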

Solution Description

Upgrade to version 2.1.25 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.zonelabs.com/
Related OSVDB ID: 1294
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-04/0145.html