


Category:   Application (Firewall)  >   ZoneAlarm
Vendors:   Zone Labs
ZoneAlarm IPC Null Pointer Dereference Lets Local Users Crash the System
SecurityTracker Alert ID:  1013165
SecurityTracker URL:
CVE Reference:   CVE-2005-0114   (Links to External Site)
Updated:  Feb 12 2005
Original Entry Date:  Feb 11 2005
Impact:   Denial of service via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to
Description:   A vulnerability was reported in Zone Labs ZoneAlarm and ZoneAlarm Pro in the monitoring of inter-process communications. A local user can cause the system to lock.

The software does not properly process certain inter-process communication (IPC) messages that it monitors. A local user can send a specially crafted message to cause the ZoneAlarm software or the target operating system to crash.

The flaw resides in 'vsdatant.sys' in the kernel hook to NtConnectPort(). The software does not properly validate the 'ServerPortName' parameter. A local user can pass a non-zero invalid value to trigger a null pointer dereference.
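
The missing check described above, shown as a user-space model of validating an untrusted counted-string argument before a hook reads it. This is an added example, not code from vsdatant.sys or the vendor; `counted_string`, `arena`, `range_ok`, `hook_check_port_name` and `demo` are hypothetical names, and the arena range check stands in for a kernel probe.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* User-space model of validating an untrusted counted-string argument
 * (UNICODE_STRING-like). A real driver would call ProbeForRead() inside
 * __try/__except; range_ok() over a constructed arena stands in for it. */
typedef struct {
    uint16_t  Length;          /* bytes in use */
    uint16_t  MaximumLength;   /* bytes allocated */
    uint16_t *Buffer;
} counted_string;

static _Alignas(16) unsigned char arena[256];  /* constructed "caller memory" */

/* Is [p, p+len) aligned and fully inside the arena? Never dereferences p. */
static int range_ok(const void *p, size_t len, size_t align) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)arena;
    if (p == NULL || a % align != 0) return 0;
    if (a < lo || a - lo > sizeof arena) return 0;
    return len <= sizeof arena - (a - lo);
}

enum { HOOK_OK = 0, HOOK_INVALID_PARAMETER = -1 };

/* Hypothetical hook body: validate, snapshot, then copy out the name. */
int hook_check_port_name(const counted_string *name, void *out, size_t out_bytes) {
    counted_string snap;
    if (!range_ok(name, sizeof *name, _Alignof(counted_string)))
        return HOOK_INVALID_PARAMETER;          /* NULL or wild descriptor */
    memcpy(&snap, name, sizeof snap);           /* one read, no re-fetch */
    if (snap.Length % 2 || snap.Length > snap.MaximumLength || snap.Length > out_bytes)
        return HOOK_INVALID_PARAMETER;          /* inconsistent lengths */
    if (snap.Length && !range_ok(snap.Buffer, snap.Length, _Alignof(uint16_t)))
        return HOOK_INVALID_PARAMETER;          /* NULL or wild Buffer */
    if (snap.Length) memcpy(out, snap.Buffer, snap.Length);
    return HOOK_OK;
}

/* Constructed driver: descriptor at arena+0, name bytes at arena+64. */
int demo(int wild_desc, int wild_buf, uint16_t len) {
    unsigned char out[64];
    counted_string s = { len, 64, (uint16_t *)(wild_buf ? (void *)(uintptr_t)0x10
                                                        : (void *)(arena + 64)) };
    memcpy(arena, &s, sizeof s);
    return hook_check_port_name(
        wild_desc ? (const void *)(uintptr_t)0x10 : (const void *)arena, out, sizeof out);
}
```

The hook fails closed with an error code for every malformed descriptor and works only on its private snapshot, so a later change to the caller's copy cannot alter what was validated.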

The vendor was notified on January 6, 2005.

iDEFENSE reported this vulnerability.

The original advisory is available at:

Impact:   A local user can cause the target firewall process or the operating system to crash.
Solution:   The vendor has issued a fixed version ( Users with automatic updates will receive the update automatically.

The vendor's advisory is available at:

Vendor URL: (Links to External Site)
Cause:   State error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  Zone Labs Security Alert ZL05-01: Zone Labs IPC Instability


Zone Labs Security Alert ZL05-01
Zone Labs IPC Instability

Date Published                  February 11, 2005
Date Last Revised               February 11, 2005

Severity                        Low

- --------
The ZoneAlarm family of products and Check Point Integrity
have been updated to address a low risk vulnerability in
their Inter-Process Communication (IPC) functions.

- ------
A local user could cause the system to lock. This
vulnerability requires local access to the system --
remote attackers cannot use this vulnerability to attack
an affected system.

This issue presents no other risks to the computer user.

Affected Products
   * ZoneAlarm Security Suite, ZoneAlarm Pro, ZoneAlarm,
     Check Point Integrity Clients

Unaffected Products
   * No other Zone Labs products are affected by this issue

- -----------
ZoneAlarm Security Suite, ZoneAlarm Pro, ZoneAlarm and
Check Point Integrity monitor specific IPC messages. Using
specially crafted code, it is possible to cause the software
or system to lock. This vulnerability requires local system
access -- remote attackers cannot use this vulnerability to
attack an affected system.

This vulnerability is resolved in versions:

    * Check Point Integrity Client versions and

    * ZoneAlarm Security Suite, ZoneAlarm Pro, ZoneAlarm,
      ZoneAlarm with Antivirus version

    * ZoneAlarm Wireless version

Users configured to receive automatic product updates have
received this update automatically. Users configured to
receive manual updates should use the Check For Update
option -- see the "Recommended Actions" section below.

Recommended Actions
- -------------------
Check Point Integrity

Check Point Integrity administrators can upgrade to Check
Point Integrity Client version or 5.1.556.166
to resolve this issue.

Recommended Actions
- -------------------
ZoneAlarm family

ZoneAlarm Security Suite, ZoneAlarm Pro and ZoneAlarm users
with automatic updates enabled have received the patch
through a product update.

Users with automatic updates:
You receive the update automatically. No further action is

Users with manual updates:
To manually update your Zone Labs software:

   1. Select Overview | Preferences.

   2. In the Check For Update section, click Check For

   3. If necessary, follow the instructions to update your

Related Resources
- -----------------
   * Zone Labs Security Response Center:

   * Zone Labs Security Alert ZL05-01:

- ---------------
This issue was originally reported by iDEFENSE.

- -------
Zone Labs customers may direct vulnerability concerns or
additional technical questions to Technical Support:

To report security issues with Zone Labs products contact:

- ----------
The information in the advisory is believed to be accurate
at the time of publishing based on currently available
information. Use of the information constitutes acceptance
for use in an AS IS condition. There are no warranties with
regard to this information. Neither the author nor the
publisher accepts any liability for any direct, indirect,
or consequential loss or damage arising from use of, or
reliance on, this information. Zone Labs and Zone Labs
products, are registered trademarks of Zone Labs, LLC.
and/or affiliated companies in the United States and other
countries. All other registered and unregistered trademarks
represented in this document are the sole property of their
respective companies/owners.

- ---------
(C) 2005 Zone Labs LLC. All rights reserved. Zone Labs,
TrueVector, ZoneAlarm, and Cooperative Enforcement are
registered trademarks of Zone Labs LLC. The Zone Labs logo,
and IMsecure are trademarks of Zone Labs, Inc. Zone Labs
Integrity protected under U.S. Patent No. 5,987,611. Reg.
U.S. Pat. & TM Off.. All other trademarks are the property
of their respective owners.

Any reproduction of this alert other than as an unmodified
copy of this file requires authorization from Zone Labs.
Permission to electronically redistribute this alert in
its unmodified form is granted. All other rights, including
the use of other media, are reserved by Zone Labs, a
division of Check Point.



