Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Gaping Hole In Zonealarm

  1. #1
    The extremely popular firewall, ZoneAlarm, has been dealt a nasty blow with a "highly critical" security hole that allows system access to remote users - i.e. the worst possible situation. The hole affects the most recent version of ZoneAlarm - version 4 - and users with the software's update facility turned on were this morning warned to upgrade and asked to download a run a 4.8MB patching file. The vulnerability itself is an unchecked buffer in the fundamental e-mail protocol SMTP. ZoneAlarm's creators Zone Labs warned that sufficiently exploited, "a skilled attacker could cause the firewall to stop processing traffic, execute arbitrary code, or elevate malicious code’s privileges".

    However, the company only gives the hole a "Medium" warning explaining that for the hole to be exploited, the system would have to be acting as an SMTP server and that ZoneLabs "does not recommend using our client security products to protect servers". The hole itself was discovered by eEye Digital Security - the company which discovered the huge ASN hole in Windows. Zone Labs recommends that all ZoneAlarm users upgrade their software and has posted a webpage covering the hole with download links to its upgrades.

    Source:
    http://www.securitynewsportal.com/index.shtml

    ZoneLabs Thiefs:
    Unfortunately ZoneLabs is taking this 'golden opportunity' to extort subscription fees out of the end users. Yes... you need to have a "current annual update and support subscription" when you visit ZoneAlarm's download page for this updated version. When folks who bought the program but not the 'support subscription' go to download their security update they will instead be met with this : "If you wish to remain eligible for this product release you will need to purchase an Annual Update and Support Renewal. Your update to ZoneAlarm Pro will be presented to download after your Update and Support Subscription purchase To which we say... Thanks ZoneLabs... for nothing...

    My advice , get Sygate cause is the best

  2. Software & Hardware   -   #2
    4play's Avatar knob jockey
    Join Date
    Jan 2003
    Location
    London
    Age
    41
    Posts
    3,824
    who the hell is gonna be running a smtp server and using zonealarm. not really an issue for home users.

  3. Software & Hardware   -   #3
    Samurai's Avatar Usenet Fanboy
    Join Date
    May 2003
    Location
    London, United Kingdom
    Age
    41
    Posts
    4,333
    So glad I pushed ZoneAlarm into a dark corner years ago and went with Sygate.

    Have NEVER had a problem with Sygate.

  4. Software & Hardware   -   #4
    Poster
    Join Date
    Apr 2003
    Location
    Germany
    Posts
    780
    yeh sygate rox
    Open your mind

  5. Software & Hardware   -   #5
    zapjb's Avatar Computer Abuser BT Rep: +3
    Join Date
    Nov 2002
    Posts
    3,606
    Yes Sygate

  6. Software & Hardware   -   #6
    BANNED
    Join Date
    Jul 2003
    Location
    Guatemala
    Posts
    4,044
    Tsk tsk. SH give the info and no more

    Thx btw

  7. Software & Hardware   -   #7
    Poster
    Join Date
    Oct 2002
    Location
    Middel East, Egypt
    Posts
    206
    zonealarm sucks since the day they invented it and i always thought it isnt worth trust
    i like norton's alot.. never tried sygate

  8. Software & Hardware   -   #8
    This was fixed with the release of v4.5.538.001...which was released on the 19th, nearly 2 days before news of this broke...LMAO

  9. Software & Hardware   -   #9
    Poster
    Join Date
    Sep 2003
    Location
    South East England
    Posts
    140
    I'm using ZA pro at the mo, If I changed to Sygate am I better off with the Pro version or is the free one just as good? I have already dl the pro version ready just wanted to know what people thought.

  10. Software & Hardware   -   #10
    Double Agent
    Join Date
    May 2003
    Posts
    3,472
    Originally posted by Java Boy@23 February 2004 - 20:01
    This was fixed with the release of v4.5.538.001...which was released on the 19th, nearly 2 days before news of this broke...LMAO
    just upgrade again, no big deal

    http://download.zonelabs.com/bin/free/1026..._45_538_001.exe

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •