Results 1 to 4 of 4

Thread: Zonealarm mailsafe Vulnerabilty

  1. April 3rd, 2002, 02:35 PM #1
    Info_Au
    Info_Au is offline
    Senior Member Info_Au's Avatar
    Join Date
    Jul 2001
    Location
    Melbourne
    Posts
    273

    Zonealarm mailsafe Vulnerabilty

    Various Vulnerabilities in ZoneAlarm MailSafe
    *****************************************************

    Scope
    -----------
    Edvice recently tested ZoneLabs ZoneAlarm Pro ability to detect and
    quarantine incoming e-mail attachments that may contain malicious code
    or viruses. This functionality is provided by ZoneAlarm's MailSafe
    feature.

    The Findings
    --------------------
    We encountered several vulnerabilities in ZoneAlarm 3.0 MailSafe. The
    vulnerabilities allow bypassing ZoneAlarm's e-mail protection.

    Details
    --------------
    Most of the vulnerabilities we encountered are known Email Filters
    attack techniques and there is no point in explaining them again.
    However, there is one issue worth mentioning:

    It is possible to bypass ZoneAlarm Email Protection by appending a dot
    to the file name extension (e.g. malicious.exe becomes malicious.exe.).
    The dot changes the file name extension and MailSafe fails to compare it
    with known dangerous extensions. The MS-Windows operating system on the
    other hand disregards a dot at the end of a file name. When Windows is
    given a file name ending with a dot, it will automatically remove the
    dot from the file name extension. When Outlook or Outlook Express
    receives a file name that ends with a dot, it will present the dot, but
    will launch the appropriate application when the file is double-clicked,
    as if the dot does not exist.

    Vendor Status
    ----------------------
    ZoneLabs was first contacted on January 26, 2002.
    A fix (v3.0.118) for most of the vulnerabilities we encountered,
    including the one mentioned above, is available through ZoneAlarm's
    Check for Update feature as from yesterday. ZoneLabs is still working on
    one of the vulnerabilities and a fix is expected soon.

    HTML Version: http://www.edvicesecurity.com/ad02-02.htm
    Reply With Quote Reply With Quote
  2. April 3rd, 2002, 11:47 PM #2
    Conf1rm3d_K1ll
    Conf1rm3d_K1ll is offline
    Banned
    Join Date
    Oct 2001
    Posts
    1,253
    Just another reason to make you think twice before forking out your hard earned cash for a second rate firewall.


    It's good to see a fellow Australian making such on topic, intelligent posts.
    Reply With Quote Reply With Quote
  3. April 3rd, 2002, 11:54 PM #3
    avdven
    avdven is offline
    The Iceman Cometh
    Join Date
    Aug 2001
    Posts
    1,209
    Good post. As Conf1rm3d_K1ll said, another reason not to spend money on ZoneAlarm. I still prefer Tiny, 'cause it's free and if an error like that does pop up, I'll just switch to another free firewall.

    AJ
    Reply With Quote Reply With Quote
  4. April 4th, 2002, 12:41 AM #4
    KorpDeath
    KorpDeath is offline
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    No comment.
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules