lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: jlacour at zonelabs.com (John LaCour)
Subject: Vulnerability ZoneAlarm Pro 4.5.532.000

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Zone Labs response concerning a reported Denial of Service 
vulnerability in ZoneAlarm Pro v4.5.532.

Zone Labs is aware of a reported Denial of Service vulnerability in 
ZoneAlarm Pro v4.5.532 as reported by Marko Rogge of German-Secure 
on the Full-Disclosure mailing list on January 28th.  We first 
received this report on Tuesday January 27th.  

Zone Labs has reviewed the test results presented by Mr. Rogge and 
used a similar methodology to try and reproduce his findings.  We 
were unable to do so and, as a result, we do not believe that 
Mr. Rogge's tests indicate that there are any vulnerabilities in 
ZoneAlarm Pro or other Zone Labs products.  

In our own testing, using similarly configured systems, we do see 
an increase in CPU utilization at higher packet rates - up to 
approximately 20%.  However, in no cases does the system become 
unresponsive.  Additionally, the firewall continues to perform its 
job of allowing or denying traffic based on the configured policy.

Zone Labs would also like to point out the connection speed of 
55 Mbps in the test case reported is 50 to 500 times the bandwidth 
available to a typical broadband user.  In real-world scenarios, 
a user's bandwidth would be exhausted prior to the network traffic 
having a significant impact to ZoneAlarm Pro.

Additionally, Mr. Rogge and Mixter did not report the results of 
the system when the ZoneAlarm firewall was not present.  At extreme 
data rates any system's performance will be impaired by a denial 
of service attack regardless of the presence of ZoneAlarm Pro.

In summary, ZoneAlarm Pro users are not vulnerable to a denial of 
service attack as a result of using ZoneAlarm Pro, nor can a denial 
of service attack be used to circumvent ZoneAlarm Pro's protection.

Zone Labs takes security vulnerability issues very seriously and 
welcomes the opportunity to work with the security community.  
While we appreciate Mr. Rogge bringing the matter to our attention, 
we ask that all security researchers contact us on
security@...elabs.com 
(as mentioned in all of our security advisories), and that in 
accordance with industry practice, we be given up to 7 days to
respond 
before any issues are disclosed publicly.  In all cases, Zone Labs 
will make every attempt possible to acknowledge the report within 
48 hours.

John LaCour
Zone Labs 
Security Response Team Manager
security@...elabs.com

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBQBl2DqeZbSyAsADEEQImwACg/UWJ64y+IAgs1Nr5I8hTgHcAnzgAoLwu
/axIMKc6zI27IdW4DwrJXCQd
=IXFN
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ