Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:3646
HistoryOct 17, 2002 - 12:00 a.m.

NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability

2002-10-1700:00:00
vulners.com
15
JSON

NSSI Technologies Inc Research Labs Security Advisory

http://www.nssolution.com (Philippines / .ph)

"Maximum e-security"

http://nssilabs.nssolution.com

ZoneAlarm Pro 3.1 and 3.0 Denial of Service Vulnerability

Author: Abraham Lincoln Hao / SunNinja

e-Mail: [email protected] / [email protected]

Advisory Code: NSSI-2002-zonealarm3

Tested: Under Win2k Advance Server with SP3 / WinNT 4.0 with SP6a / Win2K Professional /
WinNT 4.0 workstation

Vendor Status: Zone Labs is already contacted 1 month ago and they informed me that they
going to release an update or new version to patched the problem. This vulnerability is
confirmed by the vendor.

Vendors website: http://www.zonelabs.com

Severity: High

Overview:

 New ZoneAlarm® Pro delivers twice the security—Zone Labs’ award-winning, personal

firewall trusted by millions, plus advanced privacy features. the award-winning PC firewall
that blocks intrusion attempts and protects against Internet-borne threats like worms,
Trojan horses, and spyware.

ZoneAlarm Pro 3.1 and 3.0 doubles your protection with enhanced Ad Blocking and expanded
Cookie Control to speed up your Internet experience and stop Web site spying. Get
protected. Compatible with Microsoft® Windows® 98/Me/NT/2000 and XP.

ZoneAlarm Pro 3.1.291 and 3.0  contains vulnerability that would let the attacker

consume all your CPU and Memory usage that would result to Denial of Service Attack through
sending multiple syn packets / synflooding.

Details:

Zone-Labs ZoneAlarm Pro 3.1.291 and 3.0 contains a vulnerability that would let the

attacker consume all your CPU and Memory usage that would result to Denial of Service
Attack through Synflooding that would cause the machine to stop from responding. Zone-Labs
ZoneAlarm Pro 3.1.291 and 3.0 is also vulnerable with IP Spoofing. This Vulnerabilities are
confirmed from the vendor.

Test diagram:

[*Nix b0x with IP Spoofing scanner / Flooder] <===[10/100mbps switch===> [Host with
ZoneAlarm]

1] Tested under default install of the 2 versions after sending minimum of 300 Syn
Packets to port 1-1024 the machine will hang-up until the attack stopped.

2] We configured the ZoneAlarm firewall both version to BLOCK ALL traffic setting after
sending a minimum of 300 Syn Packets to port 1-1024 the machine will hang-up until the
attack stopped.

Workaround:

Disable ZoneAlarm and Hardened TCP/IP stack of your windows and Install latest

Security patch.

Note: To people who's having problem reproducing the vulnerability let me know :)

Any Questions? Suggestions? or Comments? let us know.

e-mail: [email protected] / [email protected] / [email protected]

greetings:
nssilabs team, especially to b45h3r and rj45, Most skilled and pioneers of NSSI good
luck!. ([email protected] / [email protected]), Lawless the saint ;), dig0, p1x3l, dc
and most of all to my Lorie.

Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup

JSON