Vulnerability Development mailing list archives
Re: Bypassing Personal Firewalls
From: Seth Knox <seth.knox () sygate com>
Date: Fri, 21 Feb 2003 17:46:41 -0800
Sygate Security Response Sygate was made aware of an exposure in Sygate Personal Firewall and Sygate Security Agent on 2/21/2003 by way of the vuln-dev mailing list in a post by xenophi1e (oliver.lavery () sympatico ca). Sygate Security Bulletin ID ---------------------------- SS20030221-0001 Description ------------ The reporter of the vulnerability described a problem in Sygate Personal Firewall Pro, ZoneAlarm Pro 3.5, Zero-Knowledge Freedom Firewall, LooknStop 2.04, and Norton Personal Firewall 2003. The reporter of the vulnerability described a problem in which an attacker can bypass a personal firewall and possibly perform malicious actions. Impact of this vulnerability ----------------------------- Only versions prior to build 1175 (available 1/29/2003) of Sygate Personal Firewall are impacted by this vulnerability. Only versions prior to build 1152 (available 10/22/2002) of Sygate Security Agent Maintenance Release 1 are impacted by this vulnerability. Sygate Personal Firewall and Sygate Security Agent prevent a program from creating a new thread within the address space of Sygate Personal Firewall or Sygate Security Agent and therefore prevents a thread from being created to execute malicious code. Affected software ----------------- * Sygate Personal Firewall Pro 5.0 * Sygate Personal Firewall 5.0 * Sygate Security Agent Vulnerability resolution ------------------------ Sygate Personal Firewall users running a Build prior to 1175 should download the latest version, available at: http://soho.sygate.com/free/default.php Sygate Security Agent users should contact their Sygate Enterprise Support Representative for the latest update. In conformance with RFPolicy, Sygate has a security () sygate com email address and encourages the security research community to utilize it when reporting exposures in Sygate products. Regards, Seth Knox Product Manager Sygate Technologies
Current thread:
- Bypassing Personal Firewalls xenophi1e (Feb 21)
- Re: Bypassing Personal Firewalls H C (Feb 21)
- RE: Bypassing Personal Firewalls Oliver Lavery (Feb 21)
- <Possible follow-ups>
- RE: Bypassing Personal Firewalls xenophi1e (Feb 21)
- Re: Bypassing Personal Firewalls Seth Knox (Feb 24)
- Re: Bypassing Personal Firewalls H C (Feb 21)