
Denial of Service attack found on the ZONELABS PRO Firewall


Ghost
October 17th, 2002, 11:32 AM
http://online.securityfocus.com/archive/1/295434/2002-10-13/2002-10-19/0

"ZoneAlarm Pro 3.1.291 and 3.0 contain a vulnerability that would let an attacker consume
all your CPU and memory, which would result in a Denial of Service attack, through sending
multiple SYN packets / SYN flooding.

Details:

Zone-Labs ZoneAlarm Pro 3.1.291 and 3.0 contain a vulnerability that would let an attacker
consume all your CPU and memory, which would result in a Denial of Service attack through
SYN flooding that would cause the machine to stop responding. Zone-Labs ZoneAlarm
Pro 3.1.291 and 3.0 are also vulnerable to IP spoofing. These vulnerabilities are confirmed
by the vendor.

Test diagram:

[*Nix b0x with IP Spoofing scanner / Flooder] <===[10/100mbps switch]===> [Host with ZoneAlarm]


1] Tested under a default install of the 2 versions: after sending a minimum of 300 SYN packets
to ports 1-1024, the machine will hang until the attack is stopped.

2] We configured both versions of the ZoneAlarm firewall to the BLOCK ALL traffic setting: after sending
a minimum of 300 SYN packets to ports 1-1024, the machine will hang until the attack is
stopped.

Workaround:

Disable ZoneAlarm, harden the TCP/IP stack of your Windows machine, and install the latest security
patch."
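The advisory's trigger condition (a burst of roughly 300 SYN packets spread across ports 1-1024) is exactly the pattern a host or network monitor can alert on. The following detector is an added example written for this thread; it is not code from the advisory, from Zone Labs, or from the securityfocus post. It assumes a simplified packet record (timestamp, source IP, destination port, TCP flags) rather than a real capture, and the packet list it runs on is constructed inline: one flooding source, one ordinary client, one slow scanner that never reaches the threshold inside the window, and a burst of SYN-ACK replies that must be ignored because they are not connection attempts.

```python
"""SYN-flood detector over a simplified packet record (hypothetical helper,
not from the advisory or the vendor). Flags any source whose SYN-only packets
to ports 1-1024 reach a threshold inside a sliding time window."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    ts: float        # capture time in seconds (assumed field)
    src: str         # source IP as seen on the wire (may be spoofed)
    dst_port: int
    flags: str       # TCP flags as letters, e.g. "S", "SA", "A"


SYN_THRESHOLD = 300        # the 300-packet figure quoted in the advisory
WINDOW_SECONDS = 10.0      # assumed window; tune to your environment
PORT_RANGE = range(1, 1025)  # ports 1-1024, the range the advisory names


def find_syn_floods(packets, threshold=SYN_THRESHOLD, window=WINDOW_SECONDS):
    """Return {src: (peak_syn_count, distinct_ports_in_that_window)} for every
    source that sends `threshold` or more SYN-only packets to ports 1-1024
    within any `window`-second span. Only pure SYNs count: SYN-ACKs and other
    flag combinations are replies or established traffic, not new attempts."""
    by_src = defaultdict(list)
    for p in packets:
        if p.flags == "S" and p.dst_port in PORT_RANGE:
            by_src[p.src].append(p)

    alerts = {}
    for src, pkts in by_src.items():
        pkts.sort(key=lambda p: p.ts)
        start = 0
        best = (0, 0, 0)  # (count, start_index, end_index) of the densest window
        for end, p in enumerate(pkts):
            # slide the window's left edge until it fits inside `window` seconds
            while p.ts - pkts[start].ts > window:
                start += 1
            count = end - start + 1
            if count > best[0]:
                best = (count, start, end)
        count, s, e = best
        if count >= threshold:
            ports = {q.dst_port for q in pkts[s:e + 1]}
            alerts[src] = (count, len(ports))
    return alerts


def constructed_capture():
    """Constructed sample traffic (not real data) exercising the detector."""
    pkts = []
    # flooding source: 350 SYNs, one per port 1..350, 10 ms apart
    for i in range(350):
        pkts.append(Packet(ts=i * 0.01, src="10.0.0.99", dst_port=i + 1, flags="S"))
    # ordinary client: a handful of connection attempts over a few seconds
    for i, port in enumerate([80, 443, 22, 80, 443]):
        pkts.append(Packet(ts=1.0 + i, src="10.0.0.5", dst_port=port, flags="S"))
    # slow scanner: 300 SYNs spread over 300 s, never 300 inside one 10 s window
    for i in range(300):
        pkts.append(Packet(ts=float(i), src="10.0.0.7", dst_port=i + 1, flags="S"))
    # SYN-ACK replies from a server: same volume, but not connection attempts
    for i in range(400):
        pkts.append(Packet(ts=i * 0.01, src="10.0.0.1", dst_port=1024, flags="SA"))
    return pkts


if __name__ == "__main__":
    for src, (count, ports) in find_syn_floods(constructed_capture()).items():
        print(f"SYN flood from {src}: {count} SYNs across {ports} ports in {WINDOW_SECONDS}s")
```

The detector keys on source address only because that is what the packets carry; since the advisory notes the spoofing problem, a hit tells you a flood is arriving, not who sent it, and the useful response is upstream rate-limiting or SYN cookies rather than blocking the apparent source. Lowering the threshold (say to 10) also surfaces the slow scanner as a much smaller, port-sweeping burst, which is the distinction a window-based count gives you that a plain packet total does not.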

LowWaterMark
October 17th, 2002, 07:58 PM
Link up to the Zone Labs response thread:

http://www.wilderssecurity.com/showthread.php?t=4268