Re: Bypassing Personal Firewalls

[Seth Knox <seth.knox () sygate com>]

                          Sygate Security Response


Sygate was made aware of an exposure in Sygate Personal Firewall and
Sygate Security Agent on 2/21/2003 by way of the vuln-dev mailing list in
a post by xenophi1e (oliver.lavery () sympatico ca).

Sygate Security Bulletin ID
----------------------------
SS20030221-0001


Description
------------

The reporter of the vulnerability described a problem in Sygate Personal 
Firewall Pro, ZoneAlarm Pro 3.5, Zero-Knowledge Freedom Firewall, 
LooknStop 2.04, and Norton Personal Firewall 2003.  The reporter of the 
vulnerability described a problem in which an attacker can bypass a personal

firewall and possibly perform malicious actions.


Impact of this vulnerability
-----------------------------

Only versions prior to build 1175 (available 1/29/2003) of Sygate Personal 
Firewall are impacted by this vulnerability.

Only versions prior to build 1152 (available 10/22/2002) of Sygate Security 
Agent Maintenance Release 1 are impacted by this vulnerability.

Sygate Personal Firewall and Sygate Security Agent prevent a program from 
creating a new thread within the address space of Sygate Personal Firewall 
or Sygate Security Agent and therefore prevents a thread from being created
to 
execute malicious code.


Affected software
-----------------

* Sygate Personal Firewall Pro 5.0      
* Sygate Personal Firewall 5.0
* Sygate Security Agent


Vulnerability resolution
------------------------

Sygate Personal Firewall users running a Build prior to 1175 should download
the latest version, available at:

http://soho.sygate.com/free/default.php

Sygate Security Agent users should contact their Sygate Enterprise Support 
Representative for the latest update.

In conformance with RFPolicy, Sygate has a security () sygate com email
address and encourages the security research community to utilize it when
reporting exposures in Sygate products.

Regards,

Seth Knox
Product Manager
Sygate Technologies