lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20050930185225.53A37410@lists.grok.org.uk>
Date: Fri Sep 30 19:52:32 2005
From: mail at hackingspirits.com (Debasis Mohanty)
Subject: Re: Bypassing Personal Firewall (Zone Alarm
	Pro)Using DDE-IPC

Paul Laudanski wrote:
>> This "exploit" was tested by members at CastleCops and found to be
untrue: 

Unfortunately not !! Besides Zone Alarm free version it has been tested for
ZA Pro 3x and it works like a charm. Again Symantec SecurityFocus has
probably tested this for ZA Pro 5.1. so they have mentioned the vulnerable
version here http://securityfocus.com/bid/14966

I am not sure whether ZoneLabs has tested this or not, as I found ZA Pro 3x
to be vulnerable but seems it has not appear in the advisory's affected s/ws
list http://download.zonelabs.com/bin/free/securityAlert/35.html . As per
the advisory only the ZA free version is vulnerable.... I am afraid this is
incorrect ... 

- D



-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Paul
Laudanski
Sent: Friday, September 30, 2005 3:11 AM
To: warl0ck@...uxmail.org
Cc: full-disclosure@...ts.grok.org.uk; bugtraq@...urityfocus.com
Subject: [Full-disclosure] Re: Bypassing Personal Firewall (Zone Alarm
Pro)Using DDE-IPC

On 29 Sep 2005 warl0ck@...uxmail.org wrote:

> It is issue with almost all the firewalls firewalls don't protect the 
> running applications themselves.I think i don't get is what does it 
> have to do with DDE ?.Also one can read firewall ACL from the settings 
> and inject code into the running trusted process.

This "exploit" was tested by members at CastleCops and found to be untrue:

http://castlecops.com/postlite134369-.html

Snapshots also provided.

--
Paul Laudanski, Microsoft MVP Windows-Security CastleCops(SM),
http://castlecops.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ