[1stPickPCHelp] Zone Labs SMTP Processing Vulnerability

Zone Labs SMTP Processing Vulnerability
http://download.zonelabs.com/bin/free/securityAlert/8.html
Overview: A security vulnerability exists in specific versions of
ZoneAlarm®, ZoneAlarm Pro, ZoneAlarm Plus and the Zone Labs Integrity?
client. This vulnerability is caused by an unchecked buffer in Simple Mail
Transfer Protocol (SMTP) processing which could lead to a buffer overflow.
In order to exploit the vulnerability without user assistance, the target
system must be operating as an SMTP server. Zone Labs does not recommend
using our client security products to protect servers.

Upgrading an affected Zone Labs product will remove this vulnerability.

Date Published: February 18, 2004
Last Update: February 18, 2004

Impact: If successfully exploited, a skilled attacker could cause the
firewall to stop processing traffic, execute arbitrary code, or elevate
malicious code?s privileges.

Zone Labs recommends affected users update their software to the current
versions which address the issue.

Affected Products:

ZoneAlarm family of products and Integrity client versions 4.0 and above. 
Unaffected Products:

ZoneAlarm and Integrity client versions earlier than 4.0. 
Integrity Server and Integrity Clientless Security products are not
affected.

Description: Zone Labs desktop security products process SMTP in order to
perform various security functions. Due to an unchecked buffer in the SMTP
processing system, a skilled attacker could cause the firewall to stop
processing traffic or execute arbitrary code.

Successful exploitation requires one of the following scenarios and applies
only to SMTP traffic:

A program listening on port 25/TCP (SMTP) of the target system. This
condition is usually only present on SMTP servers. Zone Labs does not
recommend using our client security products to protect servers. 
A malicious program running on the protected system could trigger the buffer
overflow and gain SYSTEM privileges if the user or administrator has given
it permission to access the network. 
In all cases, the program requesting network access must be approved by the
user through the Program Control policy.

Recommended Actions: ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro users
should upgrade to version: 4.5.538.001.

To update your Zone Labs client product:

Select Overview > Preferences. 
In the Check for Updates area, choose an update option.

Automatically: Zone Labs security software automatically notifies you when
an update is available.

Manually: You monitor the Status tab for updates. To invoke an update check
immediately, click "Check for Update". 
Integrity 4.0 users should upgrade to Integrity client version: 4.0.146.046.

Integrity 4.5 users should upgrade to Integrity client version: 4.5.085.

Integrity updates are available on the Zone Labs Enterprise Support web
site.


Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike UPDATED 19/02/04
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
A Technical Support Alliance  and OWTA Charter Member 



~*~*~*~*~
Was this forwarded to you?  Want to subscribe?  Send an email 
to 1stpickpchelp-request@xxxxxxxxxxxxx?Subject=subscribe.

For a complete list of email commands for our list send an email 
to ecartis@xxxxxxxxxxxxx with a subject of "info 1stpickpchelp" without the 
quotes.

If you wish to unsubscribe from our list send an email 
to 1stpickpchelp-request@xxxxxxxxxxxxx?Subject=unsubscribe

To contact the list moderators send an email to 
1stpickpchelp-moderators@xxxxxxxxxxxxx
~*~*~*~*~

Other related posts: