Consumer Alert - ZoneAlarm Pro 3.x
October 16, 2002 6:46PM UTC
It was bound to happen. Gregor Freund's carefully cultivated McAfee cash cow is springing leaks all over the place.
In an advisory just posted to BugTraq, researcher 'Abraham Lincoln Hao' reveals a very deeply ingrained denial of service vulnerability in ZoneAlarm Pro 3.x - and this is something of a watershed for the shaky Windows personal firewall industry: the first-ever documented incident of a firewall being open to malicious attack.
If you are running ZAP 3.x, consider dismantling it and moving to better protection right now.
- The vulnerability has been tested with ZAP 3.x running on WinNT 4 Workstation, WinNT SP6a, Win2K Professional, and Win2K Advanced Server SP3.
- Zone Labs was contacted over a month ago, and they have agreed there is a vulnerability, but so far no fix, thus the advisory: Honest Abe got understandably tired of waiting.
- The severity of the vulnerability is graded as 'high'.
ZAP is helpless against SYN floods, and will render its host machine useless by using up all available RAM and burning up the CPU. Hao didn't need much to crash the target box either: a mere 300 SYN packets sent to ports 1-1024 will do the trick. And Hao gave ZAP the benefit of the doubt, trying all possible configurations to thwart the attack - but nothing helped. Target machines running ZAP 3.x are 'toast'.
The researcher recommends discontinuing use of ZAP 3.x as the only possible workaround.
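For anyone watching the network in front of an affected machine, the traffic pattern described above can be detected. This is an added example, not part of the original article or the advisory: a Python detector that flags a host once it holds 300 unanswered SYNs on ports 1-1024. The packet tuple layout, the 10-second window and every address in the sample are assumptions constructed for illustration.

```python
from collections import defaultdict

SYN_THRESHOLD = 300          # figure reported above: about 300 SYN packets
PORT_RANGE = range(1, 1025)  # ports 1-1024, as reported above
WINDOW_SECONDS = 10.0        # assumption: the article gives no time window


def find_syn_floods(packets, threshold=SYN_THRESHOLD, window=WINDOW_SECONDS):
    """Return {dst_host: time_of_first_alert}.

    packets: time-sorted (ts, src, sport, dst, dport, flags) tuples, where
    flags is "S" for a bare SYN and "A" for the ACK that completes a handshake.
    """
    pending = defaultdict(dict)  # dst -> {(src, sport, dport): ts of the SYN}
    alerts = {}
    for ts, src, sport, dst, dport, flags in packets:
        if dport not in PORT_RANGE:
            continue
        half_open = pending[dst]
        if flags == "S":
            half_open[(src, sport, dport)] = ts
        elif flags == "A":
            half_open.pop((src, sport, dport), None)  # handshake completed
        # Forget half-open entries that have aged out of the window.
        for key in [k for k, t in half_open.items() if ts - t > window]:
            del half_open[key]
        if len(half_open) >= threshold and dst not in alerts:
            alerts[dst] = ts
    return alerts


def constructed_sample():
    """Constructed traffic: one normal client and one flood-like burst."""
    pkts = []
    # Normal client: every SYN is followed by its handshake-completing ACK.
    for i in range(50):
        t = i * 0.1
        pkts.append((t, "192.0.2.10", 40000 + i, "10.0.0.6", 80, "S"))
        pkts.append((t + 0.02, "192.0.2.10", 40000 + i, "10.0.0.6", 80, "A"))
    # Flood-like burst: 300 bare SYNs spread over ports 1-1024, never completed.
    for i in range(300):
        pkts.append((1.0 + i * 0.01, f"198.51.100.{i % 250 + 1}", 1024 + i,
                     "10.0.0.5", i % 1024 + 1, "S"))
    return sorted(pkts)


if __name__ == "__main__":
    print(find_syn_floods(constructed_sample()))
```

Counting only handshakes that never complete keeps a busy but legitimate client, such as the one talking to 10.0.0.6 in the sample, from raising an alert.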