Bugtraq mailing list archives
Re: Advisory:Multiple Vulnerabilities in ZoneAlarm
From: bacano <bacano () ESOTERICA PT>
Date: Sat, 30 Dec 2000 14:40:46 -0000
Hi2all The original post of this supposed vulnerabilities didn't give me any concern since the tiny window here was a little more tiny as the one reported (no DSL or cable, no win2k or NT), but after it I went to some tests. So far, since no othter kind of attack was made (yet?), i can say that scans on port 1080 (tcp) are not detected. I don't have any wingate (or whatever) running, but many home users that are using ZoneAlarm, or ZoneAlarmPro (tested version), may have one. Even if they are not vulnerable, they are loosing the chance to detect, log and report some attacks. Since attacks on 1080 are a very well known realitty, even if there isn't a chance for a success of the attacker, this should be logged and reported to the proper authorities. Users (only) using ZoneAlarm or ZoneAlarm Pro can't do so, then i suppose there is a(some) real problem(s) here. Just a note, i didn't 'test myself' using other box, i did put a box connected on some wild places to see what may happend. A trully lame version of the Honeypot project i must say, but for the propose it worked =;o) [12/29/2000 22:07:03.830 GMT] Connection: xxxxx.xxxxx.xx (xxx.xxx.xxx.xxx) on port 1080 (tcp). [12/29/2000 22:07:03.830 GMT] Disconnect: xxxxx.xxxxx.xx (xxx.xxx.xxx.xxx) on port 1080 (tcp). [12/29/2000 22:07:03.830 GMT] Port 1080 (tcp) is now disabled for 60 seconds. (from 'oldie' nukebabber, after traffic from untrusted host was detected and ZoneAlarm shutdown) [ ]'s bacano ----- Original Message ----- From: "Stephen M. Milton" <milton () ISOMEDIA COM> To: <BUGTRAQ () SECURITYFOCUS COM> Sent: Wednesday, December 27, 2000 6:30 PM Subject: Re: Advisory:Multiple Vulnerabilities in ZoneAlarm
Whereas I agree it would be desirable for ZoneLabs to fix any notified vulnerabilities, I share the view that in terms of RISK the issue is of limited importance until an exploit can be devised that can take
advantage
of the theoretical weakness.This is a terrible idea. The concept that a bug should not be fixed until AFTER an exploit has been found and demonstrated is ludicrous. Security bugs are especially important to fix BEFORE the exploit has been created. 2cents. Stephen Milton Vice President ISOMEDIA, Inc.
Current thread:
- Re: Advisory:Multiple Vulnerabilities in ZoneAlarm bacano (Jan 02)
- <Possible follow-ups>
- Re: Advisory:Multiple Vulnerabilities in ZoneAlarm Chris St. Clair (Jan 03)