Question about the Labrea vulnerability.

Re: this article: Flawed outbound packet filtering in various personal firewalls

From http://www.hackbusters.net/ob.html :

"We are pleased to announce that Sygate Personal Firewall v5.0 has corrected this issue. Sygate has been incredibly responsive and helpful-- they contacted us, they listened, and they got it right. Way to go Sygate!
We are also pleased to announce that Look n' Stop 2.03 Beta 01 now also correctly blocks non-winsock packets.The folks who make Look n' Stop were perhaps the first to react with a proposal of how best to handle packets that don't follow the standard winsock "route".
Now Kerio Personal Firewall (used to be Tiny Personal Firewall) as of version 2.1.0 correctly blocks non-winsock packets. Kudos to the folks at Kerio"

Thus far, we have confirmation that the currently released versions of the following personal firewalls are vulnerable on the listed platforms:
AtGuard v3.2 (Win9x)
Norton Internet Security (Win2K)
Tiny Personal Firewall (Win9x/Win2K)
ZoneAlarm and ZoneAlarmPro (Win9x/Win2K)"

Is that the latest state of affairs?

And how much of a clear and present danger is this vulnerability anyway?

Anything known about systems having been compromised in this way?

 

Hello,

First of all it's interesting to know that this "vulnerabilitie" only exists if your willingly install
For Win95/98/ME: packet.dll and packet.vxd
For WinNT: packetnt.dll and packet.sys
For Win2K: packet.dll and packet.sys
on you OS
They are only used by some sniffers and special applications very few people use.
If you don't use such applications, you don't have those libraries and you need to install them in order to run the test.
If you don't have those libraries on your OS, do NOT install them : you stay immune, it would be stupid installing anything useless and introduce a possible flaw just for the pleasure of running a leaktest
which cannot affect you if you stay as you are :-D

BTW a use a sniffer which does not require those libraries :
sniffer Pro.

Rgds,

JacK

 

Thanks for that explanation, Jack.

So in terms of real danger, this could really be considered a storm in a teacup?

 

Hi,

Yes if you don't use such apps requiring those dll
NO if you have those *.dll already on your system for any good or bad reason

JacK

 

I agree, this one is not one of the leaks that is likely to cause much heartache.
I do not know about the other firewalls, but the developers of Outpost have a fix for all known leaktests in the next major update to version 1.1.
I think we all need to temper the concern about these firewall exploits with the fact that none of these have shown up yet. (Knock on wood) I think the firewall developers need to try to stay one step ahead of the bad guys, and I think most are trying.
Some of these exploits are going to be tough to counter, since the way Windows is built, it allows one program to use another program with any special permissions.
It really would help if M$ would get their act together on security without going the route of Palladium.
Just my $.02.