lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20030807022741.28171.qmail@www.securityfocus.com>
Date: 7 Aug 2003 02:27:41 -0000
From: Corey Bridges <cbridges@...elabs.com>
To: bugtraq@...urityfocus.com
Subject: Re: [sec-labs] Zone Alarm Device Driver vulnerability


In-Reply-To: <20030804214610.5a04e2e8.noreply@...-labs.hack.pl>

Following is the official Zone Labs response to this report by Lord YuP. 


Corey Bridges
Chief Editor of E-Communities
Zone Labs, Inc.
(v) 415.341.8355 
(f) 415.341.8299 

***

Zone Labs response to Device Driver Attack

OVERVIEW:  This vulnerability describes a way to send unauthorized 
commands to a Zone Labs device driver and potentially cause unexpected 
behavior. This proof-of-concept exploit represents a relatively low risk 
to Zone Labs users.  It is a “secondary” exploit that requires physical 
access to a machine or circumvention of other security measures included 
in Zone Labs consumer and enterprise products to exploit. We are working 
on a fix and will release it within 10 days.

EXPLOIT: The demonstration code is a proof-of-concept example that 
describes a potential attack against the Zone Labs device driver that is 
part of the TrueVector client security engine. In the exploit, a malicious 
application sends unauthorized commands to this device driver. The author 
also claims that this could potentially compromise system security. While 
we have verified that unauthorized commands could be sent to the device 
driver, we have not been able to verify that this exploit can actually 
affect system security. The code sample published was intentionally 
incomplete, to prevent malicious hackers from using it. 

RISK: We believe that the immediate risk to users from this exploit is 
low, for several reasons: this is a secondary attack, not a primary 
vulnerability created or allowed by our product. Successful exploitation 
of this vulnerability would require bypassing several other layers of 
protection in our products, including the stealth firewall and/or MailSafe 
email protection. To our knowledge, there are no examples of malicious 
software exploiting this vulnerability. Further, the code sample was 
written specifically to attack ZoneAlarm 3.1, an older version of our 
software. 

SOLUTION: Security for our users is our first concern, and we take reports 
of this kind seriously. We will be updating our products to address this 
issue by further strengthening protection for our device driver and will 
make these updates available in the next 10 days. Registered users who 
have enabled the "Check for Update" feature in ZoneAlarm, ZoneAlarm Plus, 
or ZoneAlarm Pro are informed by the software automatically whenever a new 
software update is released. Zone Labs will provide guidance to Integrity 
administrators regarding updating their client software.

CONTACT: Zone Labs customers who are concerned about the proof-of-concept 
Device Driver Attack or have additional technical questions may reach our 
Technical Support group at: 
http://www.zonelabs.com/store/content/support/support.jsp

ACKNOWLEDGEMENTS: Zone Labs would like to thank Lord YuP for bringing this 
issue to our attention. However, we would prefer to be contacted at 
security@...elabs.com prior to publication, in order to allow us to 
address any security issues up front.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ