Zone Labs Home Security you can trust.
Search Site
    
  
 
Home/Office Products
Download & Buy
Enterprise Solutions
Service & Support
Partner Programs
About Zone Labs LLC
 
Home
Site Map
Privacy Policy
Contact Us

 
Zone Labs Security Advisory Severity: Medium

Zone Labs SMTP Processing Vulnerability

Overview: A security vulnerability exists in specific versions of ZoneAlarm®, ZoneAlarm Pro, and ZoneAlarm Plus. This vulnerability is caused by an unchecked buffer in Simple Mail Transfer Protocol (SMTP) processing which could lead to a buffer overflow. In order to exploit the vulnerability without user assistance, the target system must be operating as an SMTP server. Zone Labs does not recommend using our client security products to protect servers.

Upgrading an affected Zone Labs product will remove this vulnerability.

Date Published: February 18, 2004
Last Update: February 18, 2004

Impact: If successfully exploited, a skilled attacker could cause the firewall to stop processing traffic, execute arbitrary code, or elevate malicious code's privileges.

Zone Labs recommends affected users update their software to the current versions which address the issue.

Affected Products:

  • ZoneAlarm family of products versions 4.0 and above.

Unaffected Products:

  • ZoneAlarm versions earlier than 4.0.

Description: Zone Labs desktop security products process SMTP in order to perform various security functions. Due to an unchecked buffer in the SMTP processing system, a skilled attacker could cause the firewall to stop processing traffic or execute arbitrary code.

Successful exploitation requires one of the following scenarios and applies only to SMTP traffic:

  • A program listening on port 25/TCP (SMTP) of the target system. This condition is usually only present on SMTP servers. Zone Labs does not recommend using our client security products to protect servers.
  • A malicious program running on the protected system could trigger the buffer overflow and gain SYSTEM privileges if the user or administrator has given it permission to access the network.

In all cases, the program requesting network access must be approved by the user through the Program Control policy.

Recommended Actions: ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro users should upgrade to version: 4.5.594.000.

To update your Zone Labs client product:

  1. Select Overview > Preferences.
  2. In the Check for Updates area, choose an update option.

    Automatically: Zone Labs security software automatically notifies you when an update is available.

    Manually: You monitor the Status tab for updates. To invoke an update check immediately, click "Check for Update".

Related Resources:

Acknowledgments: Zone Labs would like to acknowledge eEye Digital Security for reporting this issue to Zone Labs.

Contact: Zone Labs customers who are concerned about these vulnerabilities or have additional technical questions may reach our Technical Support group at: http://www.zonelabs.com/store/content/support/support.jsp. To report security issues with Zone Labs products contact security@zonelabs.com.

Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information. Zone Labs and Zone Labs products, are registered trademarks of Zone Labs Incorporated. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.

Copyright: ©2004 Zone Labs LLC All rights reserved. Zone Labs, TrueVector, ZoneAlarm, and Cooperative Enforcement are registered trademarks of Zone Labs LLC The Zone Labs logo, Check Point Integrity and IMsecure are trademarks of Zone Labs LLC Check Point Integrity protected under U.S. Patent No. 5,987,611. Reg. U.S. Pat. & TM Off. Cooperative Enforcement is a service mark of Zone Labs LLC All other trademarks are the property of their respective owners.

Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Zone Labs. Reprinting the whole or part of this alert in any medium other than electronically requires permission from Zone Labs.

 
    Home    Home/Office Products     Download & Buy     Enterprise Solutions     Service & Support     Partner Programs     About Zone Labs  

©1999-2006 Zone Labs LLC All rights reserved.