ZoneAlarm Bug Bares System To E-Mail Attack
The popular PC personal firewall is subject to buffer overflow and system compromise.
Security vendor Zone Labs has disclosed that several versions of its personal-firewall products are vulnerable to a buffer-overflow attack that could compromise the system. ZoneAlarm, ZoneAlarm Plus and ZoneAlarm Pro 4.0.0 versions; ZoneAlarm Pro 4.5.0; as well as Zone Labs Integrity Client 4.0.0 are vulnerable, the company said. Versions earlier than 4.0.0 are not. ZoneAlarm users are advised to upgrade to Version 4.5.538.001. (See the Zone Labs advisory for more details and how to obtain the upgrades.)
The problem was described by eEye Digital Security on the BugTraq mailing list. The firewalls process SMTP (e-mail) traffic sent to or from the system. According to the description, a sufficiently large value in the SMTP "RCPT TO" command can overflow a stack-based buffer in the TrueVector Internet Monitor (vsmon.exe) process.
According to Zone Labs, "If successfully exploited, a skilled attacker could cause the firewall to stop processing traffic, execute arbitrary code, or elevate malicious code's privileges."
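The bug class described above, an oversized "RCPT TO" argument copied into a fixed-size stack buffer, is avoided by checking lengths before any copy. The following is an added example, not Zone Labs code: the function name, status codes and sample addresses are hypothetical, and the 512-octet command-line and 256-octet path limits are taken from RFC 5321, since the article does not give the size of the affected buffer.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define SMTP_MAX_LINE 512   /* RFC 5321 4.5.3.1.4: command line incl. CRLF */
#define SMTP_MAX_PATH 256   /* RFC 5321 4.5.3.1.3: path incl. '<' and '>'  */

enum rcpt_status { RCPT_OK = 0, RCPT_NOT_RCPT, RCPT_LINE_TOO_LONG,
                   RCPT_PATH_TOO_LONG, RCPT_MALFORMED };

/* Extract the forward-path of "RCPT TO:<path>" into out (out_size bytes).
 * line need not be NUL-terminated; len is the number of bytes received.
 * Nothing is copied until every length has been validated. */
enum rcpt_status parse_rcpt_to(const char *line, size_t len,
                               char *out, size_t out_size)
{
    static const char verb[] = "RCPT TO:";
    const size_t vlen = sizeof verb - 1;

    if (out == NULL || out_size == 0)
        return RCPT_MALFORMED;
    out[0] = '\0';                       /* caller never sees stale data */

    if (len < vlen)
        return RCPT_NOT_RCPT;
    for (size_t i = 0; i < vlen; i++)    /* SMTP verbs are case-insensitive */
        if (toupper((unsigned char)line[i]) != verb[i])
            return RCPT_NOT_RCPT;
    if (len > SMTP_MAX_LINE)             /* reject before parsing further */
        return RCPT_LINE_TOO_LONG;

    const char *p = line + vlen, *end = line + len;
    while (p < end && *p == ' ')         /* tolerate a space after the colon */
        p++;
    if (p == end || *p != '<')
        return RCPT_MALFORMED;
    const char *close = memchr(p, '>', (size_t)(end - p));
    if (close == NULL)
        return RCPT_MALFORMED;

    size_t plen = (size_t)(close - p) + 1;        /* includes '<' and '>' */
    if (plen > SMTP_MAX_PATH || plen >= out_size) /* leave room for the NUL */
        return RCPT_PATH_TOO_LONG;
    memcpy(out, p, plen);
    out[plen] = '\0';
    return RCPT_OK;
}
```

The same two length checks can serve as a detection rule on a mail gateway or sensor: an SMTP session in which a "RCPT TO" line exceeds either limit is worth logging.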