Message-ID: <!~!UENERkVCMDkAAQACAAAAAAAAAAAAAAAAABgAAAAAAAAAk/lP6Lk3CEC0SG15frJs98KAAAAQAAAAbIoaRLYwXUW4/A+51/EycQEAAAAA@german-secure.de>
From: mr at german-secure.de (Marko Rogge | German-Secure)
Subject: RE: Vulnerability ZoneAlarm Pro 4.5.532.000

Hi Mr. La Cour & Readers!

You are missing one fact, which we didn't explicitly state, which is that the target system was connected through a normal DSL home user's connection with a bandwidth of 768 kb/s. So, yes, it is clear that the available bandwidth was exceeded in any case, with or without Zone Alarm.

However, as our detailed test report shows, with Zone Alarm handling that bandwidth of a 768 kb/s stream of incoming UDP DoS packets, Zone Alarm was already using close to 100% CPU on our high-end system and became unresponsive, especially with tiny UDP packets to random ports, apart from other attacks, so we clearly _have_ a performance flaw of Zone Alarm here.

Marko Rogge / german-secure.de
Mixter / Security specialist

>>|-----Original Message-----
>>|From: John LaCour [mailto:jlacour@...elabs.com]
>>|Sent: Thursday, 29 January 2004 22:07
>>|To: mr@...man-secure.de; full-disclosure@...ts.netsys.com
>>|Subject: RE: [Full-Disclosure] Vulnerability ZoneAlarm Pro 4.5.532.000
>>|Sensitivity: Personal
>>|
>>|
>>|-----BEGIN PGP SIGNED MESSAGE-----
>>|Hash: SHA1
>>|
>>|Zone Labs response concerning a reported Denial of Service
>>|vulnerability in ZoneAlarm Pro v4.5.532.
>>|
>>|Zone Labs is aware of a reported Denial of Service
>>|vulnerability in ZoneAlarm Pro v4.5.532 as reported by Marko
>>|Rogge of German-Secure on the Full-Disclosure mailing list
>>|on January 28th. We first received this report on Tuesday,
>>|January 27th.
>>|
>>|Zone Labs has reviewed the test results presented by Mr.
>>|Rogge and used a similar methodology to try to reproduce
>>|his findings. We were unable to do so and, as a result, we
>>|do not believe that Mr. Rogge's tests indicate that there
>>|are any vulnerabilities in ZoneAlarm Pro or other Zone Labs
>>|products.
>>|
>>|In our own testing, using similarly configured systems, we
>>|do see an increase in CPU utilization at higher packet rates
>>|- up to approximately 20%. However, in no case does the
>>|system become unresponsive. Additionally, the firewall
>>|continues to perform its job of allowing or denying traffic
>>|based on the configured policy.
>>|
>>|Zone Labs would also like to point out that the connection speed of
>>|55 Mbps in the test case reported is 50 to 500 times the
>>|bandwidth available to a typical broadband user. In
>>|real-world scenarios, a user's bandwidth would be exhausted
>>|prior to the network traffic having a significant impact on
>>|ZoneAlarm Pro.
>>|
>>|Additionally, Mr. Rogge and Mixter did not report the
>>|results of the system when the ZoneAlarm firewall was not
>>|present. At extreme data rates any system's performance
>>|will be impaired by a denial of service attack regardless of
>>|the presence of ZoneAlarm Pro.
>>|
>>|In summary, ZoneAlarm Pro users are not vulnerable to a
>>|denial of service attack as a result of using ZoneAlarm Pro,
>>|nor can a denial of service attack be used to circumvent
>>|ZoneAlarm Pro's protection.
>>|
>>|Zone Labs takes security vulnerability issues very seriously
>>|and welcomes the opportunity to work with the security community.
>>|While we appreciate Mr. Rogge bringing the matter to our
>>|attention, we ask that all security researchers contact us
>>|at security@...elabs.com (as mentioned in all of our
>>|security advisories), and that, in accordance with industry
>>|practice, we be given up to 7 days to respond before any
>>|issues are disclosed publicly. In all cases, Zone Labs will
>>|make every attempt possible to acknowledge the report within
>>|48 hours.
>>|
>>|John LaCour
>>|Zone Labs
>>|Security Response Team Manager
>>|security@...elabs.com
>>|
>>|-----BEGIN PGP SIGNATURE-----
>>|Version: PGP 8.0.2
>>|
>>|iQA/AwUBQBl2DqeZbSyAsADEEQImwACg/UWJ64y+IAgs1Nr5I8hTgHcAnzgAoLwu
>>|/axIMKc6zI27IdW4DwrJXCQd
>>|=IXFN
>>|-----END PGP SIGNATURE-----
>>|