Huge vulnerability in Zone Alarm (all versions)

Discussion in 'Computer Security' started by donutbandit, Feb 17, 2004.

  1. donutbandit

    donutbandit Guest

    1. Advertising

  2. R Green - WoWsat.com, Feb 18, 2004
    #2
    1. Advertising

  3. donutbandit

    mdb Guest

    On 17 Feb 2004 19:36:35 GMT, donutbandit <> wrote:

    >http://www.eeye.com/html/Research/Upcoming/20040213-2.html


    From the Zone Labs site:

    "A security vulnerability exists in specific versions of ZoneAlarm,
    ZoneAlarm Pro, ZoneAlarm Plus and the Zone Labs Integrity client. This
    vulnerability is caused by an unchecked buffer in Simple Mail Transfer
    Protocol (SMTP) processing which could lead to a buffer overflow. In
    order to exploit the vulnerability without user assistance, the target
    system must be operating as an SMTP server. Zone Labs does not
    recommend using our client security products to protect servers."

    http://download.zonelabs.com/bin/free/securityAlert/8.html


    I think calling this a 'Huge vulnerability' is bit of an exaggeration.
     
    mdb, Feb 19, 2004
    #3
  4. donutbandit

    Tracker Guest

    mdb wrote:

    > On 17 Feb 2004 19:36:35 GMT, donutbandit <> wrote:
    >
    > >http://www.eeye.com/html/Research/Upcoming/20040213-2.html

    >
    > From the Zone Labs site:
    >
    > "A security vulnerability exists in specific versions of ZoneAlarm,
    > ZoneAlarm Pro, ZoneAlarm Plus and the Zone Labs Integrity client. This
    > vulnerability is caused by an unchecked buffer in Simple Mail Transfer
    > Protocol (SMTP) processing which could lead to a buffer overflow. In
    > order to exploit the vulnerability without user assistance, the target
    > system must be operating as an SMTP server. Zone Labs does not
    > recommend using our client security products to protect servers."
    >
    > http://download.zonelabs.com/bin/free/securityAlert/8.html
    >
    > I think calling this a 'Huge vulnerability' is bit of an exaggeration.


    Been using many versions of Zone Alarm and no hacker has penitrated our
    computers as of yet.
    Visit my website at http://www.geocities.com/hacking_internet_secrets

    Tracker
     
    Tracker, Feb 19, 2004
    #4
  5. donutbandit

    donutbandit Guest

    Tracker <"snailmail(valid)222000"@yahoo.com> wrote in
    news::

    > Been using many versions of Zone Alarm and no hacker has penitrated our
    > computers as of yet.
    > Visit my website at http://www.geocities.com/hacking_internet_secrets
    >


    That's odd. I though it was those malicious hackers who keep resetting your
    clock. ;)
     
    donutbandit, Feb 19, 2004
    #5
  6. Tracker spilled my beer when they jumped on the table and proclaimed in
    <>

    > Been using many versions of Zone Alarm and no hacker has penitrated our
    > computers as of yet.
    > Visit my website at <Spam snipped and reported>


    Funny. When I was being harassed by my stalkers, they managed to get past
    ZA at least twice...

    NOI
     
    Thund3rstruck_N0i, Feb 19, 2004
    #6
  7. donutbandit spilled my beer when they jumped on the table and proclaimed in
    <c11scq$1ap$>

    > Tracker <"snailmail(valid)222000"@yahoo.com> wrote in
    > news::
    >
    >> Been using many versions of Zone Alarm and no hacker has penitrated our
    >> computers as of yet.
    >> Visit my website at http://www.geocities.com/hacking_internet_secrets
    >>

    >
    > That's odd. I though it was those malicious hackers who keep resetting
    > your clock. ;)


    Heh. She once told me that I wouldn't understand why, but the reason her
    clock was so far off was because of security reasons... :)

    NOI
     
    Thund3rstruck_N0i, Feb 19, 2004
    #7
  8. donutbandit

    Leythos Guest

    In article <>, Tracker <"snailmail(valid)
    222000"@yahoo.com> says...
    > Tracker


    IMO, Any post or reply to a post made by a person or persons calling
    themselves "Tracker" may contain false or misleading information and
    should be considered as spam or worthless garbage. IMO, This / These
    person / people have proven that they know nothing, can not help, and
    are generally going to screw up your computer if you follow their
    directions on anything. The infamous "Security Book" is nothing more
    than ravings of a poorly informed nature by an ignorant person that
    shows little knowledge of computer/network security.
    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Feb 19, 2004
    #8
  9. donutbandit

    Jason Guest

    * Thund3rstruck_N0i <>:
    >> Tracker <"snailmail(valid)222000"@yahoo.com> wrote in
    >> news::
    >>
    >>> Been using many versions of Zone Alarm and no hacker has penitrated our
    >>> computers as of yet.
    >>> Visit my website at http://www.geocities.com/hacking_internet_secrets
    >>>

    >>
    >> That's odd. I though it was those malicious hackers who keep resetting
    >> your clock. ;)

    >
    > Heh. She once told me that I wouldn't understand why, but the reason her
    > clock was so far off was because of security reasons... :)
    >
    > NOI


    As in she isn't able to figure out how to fix it more likely. :)

    Jason
     
    Jason, Feb 19, 2004
    #9
  10. donutbandit

    Gladys Pump Guest

    On 19 Feb 2004 07:59:16 GMT, Tracker <"snailmail(valid)222000"@yahoo.com>,
    whilst in the alt.computer.security newsfroup, articulated the following
    sentiments :

    >Been using many versions of Zone Alarm and no hacker has penitrated our
    >computers as of yet.
    >Visit my website at **I AM SPAM**
    >
    >Tracker


    That's 'penetrated'. It's hardly surprising you don't know how to spell it.

    Oh, and I think you're referring to 'crackers', not 'hackers'. That's even
    if you own more than one computer.

    Or ZoneAlarm.

    Your free lyric :

    "Mr. Sandman, bring me a clue (dumb,dumb,dumb,dumb)
    Make it the smartest, that I've seen you do (dumb,dumb,dumb,dumb)
    Give me a break and tell me I'm no slacker (dumb,dumb,dumb,dumb)
    So I can tell which is a cracker and hacker.
    Sandman, I like to spam
    I'm Beef's ole lady, that's who I am
    I don't know shit, and that won't do
    Mr. Sandman, bring me a clue."

    Regs, Pete.
     
    Gladys Pump, Feb 19, 2004
    #10
  11. donutbandit

    Mimic Guest

    "Leythos" <> wrote in message
    news:...

    >
    > (Remove 999 to reply to me)



    Leythos, this maybe of use..
    www.hidemyemail.net

    --
    Mimic

    ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== ( www.hidemyemail.net )
    "Without knowledge you have fear. With fear you create your own nightmares."
    "Alzheimer's, cheaper than rohypnol"
    "There are 10 types of people in the world. Those that understand Binary,
    and those that dont."
    "He who controls Google, controls the world".
     
    Mimic, Feb 19, 2004
    #11
  12. donutbandit

    Mimic Guest

    "Tracker" <"snailmail(valid)222000"@yahoo.com> wrote in message
    news:...
    >
    >
    > mdb wrote:
    >
    > > On 17 Feb 2004 19:36:35 GMT, donutbandit <> wrote:
    > >
    > > >http://www.eeye.com/html/Research/Upcoming/20040213-2.html

    > >
    > > From the Zone Labs site:
    > >
    > > "A security vulnerability exists in specific versions of ZoneAlarm,
    > > ZoneAlarm Pro, ZoneAlarm Plus and the Zone Labs Integrity client. This
    > > vulnerability is caused by an unchecked buffer in Simple Mail Transfer
    > > Protocol (SMTP) processing which could lead to a buffer overflow. In
    > > order to exploit the vulnerability without user assistance, the target
    > > system must be operating as an SMTP server. Zone Labs does not
    > > recommend using our client security products to protect servers."
    > >
    > > http://download.zonelabs.com/bin/free/securityAlert/8.html
    > >
    > > I think calling this a 'Huge vulnerability' is bit of an exaggeration.

    >
    > Been using many versions of Zone Alarm and no hacker has penitrated our
    > computers as of yet.
    > Visit my website at http://www.geocities.com/hacking_internet_secrets
    >
    > Tracker
    >


    Yeah, the worlds dumbest person is back wh00t wh00t.

    --
    Mimic

    ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== ( www.hidemyemail.net )
    "Without knowledge you have fear. With fear you create your own nightmares."
    "Alzheimer's, cheaper than rohypnol"
    "There are 10 types of people in the world. Those that understand Binary,
    and those that dont."
    "He who controls Google, controls the world".
     
    Mimic, Feb 19, 2004
    #12
  13. donutbandit

    Leythos Guest

    In article <>,
    says...
    > "Leythos" <> wrote in message
    > news:...
    >
    > >
    > > (Remove 999 to reply to me)

    >
    >
    > Leythos, this maybe of use..
    > www.hidemyemail.net


    I'm not sure what I would need it - the spamfree account is a throw-away
    account. I have my own email server for real communications.

    Once that one starts getting spam I will delete the account and create a
    new one.

    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Feb 19, 2004
    #13
  14. Jason spilled my beer when they jumped on the table and proclaimed in
    <Tm6Zb.100273$>

    > * Thund3rstruck_N0i <>:
    >> Heh. She once told me that I wouldn't understand why, but the reason her
    >> clock was so far off was because of security reasons... :)

    >
    > As in she isn't able to figure out how to fix it more likely. :)


    That's what I figured too...

    NOI
     
    Thund3rstruck_N0i, Feb 20, 2004
    #14
  15. donutbandit

    Mimic Guest

    "Leythos" <> wrote in message
    news:...
    > In article <>,
    > says...
    > > "Leythos" <> wrote in message
    > > news:...
    > >
    > > >
    > > > (Remove 999 to reply to me)

    > >
    > >
    > > Leythos, this maybe of use..
    > > www.hidemyemail.net

    >
    > I'm not sure what I would need it - the spamfree account is a throw-away
    > account. I have my own email server for real communications.
    >
    > Once that one starts getting spam I will delete the account and create a
    > new one.
    >
    > --
    > --
    >
    > (Remove 999 to reply to me)


    Fair nough, just thought id mention it.

    --
    Mimic

    ZGF0YWZsZXhAY2FubmFiaXNtYWlsLmNvbQ== ( www.hidemyemail.net )
    "Without knowledge you have fear. With fear you create your own nightmares."
    "Alzheimer's, cheaper than rohypnol"
    "There are 10 types of people in the world. Those that understand Binary,
    and those that dont."
    "He who controls Google, controls the world".
     
    Mimic, Feb 20, 2004
    #15
  16. donutbandit

    Leythos Guest

    In article <>,
    says...
    [snip]
    >
    > Fair nough, just thought id mention it.


    Thanks for thinking about it.

    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Feb 20, 2004
    #16
  17. donutbandit <> wrote in message news:<c11scq$1ap$>...
    > Tracker <"snailmail(valid)222000"@yahoo.com> wrote in
    > news::
    >
    > > Been using many versions of Zone Alarm and no hacker has penitrated our
    > > computers as of yet.
    > > Visit my website at http://www.geocities.com/hacking_internet_secrets
    > >

    >
    > That's odd. I though it was those malicious hackers who keep resetting your
    > clock. ;)


    You want to see one bitch ass kicking firewall excerpt which was
    listing in my book? That *****er was some unique shit and guess some
    of you don't know how to perform a DOS attack and abuse computers,
    Networks and Servers but you hackers left enough evidence to fry your
    asses.

    Tracker
     
    onepercentertracker, Feb 23, 2004
    #17
  18. donutbandit

    donutbandit Guest

    (onepercentertracker) wrote in
    news::

    >> That's odd. I though it was those malicious hackers who keep
    >> resetting your clock. ;)

    >
    > You want to see one bitch ass kicking firewall excerpt which was
    > listing in my book? That *****er was some unique shit and guess some
    > of you don't know how to perform a DOS attack and abuse computers,
    > Networks and Servers but you hackers left enough evidence to fry your
    > asses.


    Wow, nasty Tracker! I have yet to see "one bitch ass kicking firewall
    excerpt" from Zone Alarm as it is an "open welcome mat" to those who know
    how to circumvent it.

    Get with it, Debbie. You mean crackers, not hackers.

    If they left so much evidence, why aren't their lousy clock changing asses
    frying?
     
    donutbandit, Feb 23, 2004
    #18
  19. donutbandit

    Jason Guest

    * onepercentertracker <>:
    > donutbandit <> wrote in message news:<c11scq$1ap$>...
    >> Tracker <"snailmail(valid)222000"@yahoo.com> wrote in
    >> news::
    >>

    > You want to see one bitch ass kicking firewall excerpt which was
    > listing in my book? That *****er was some unique shit and guess some
    > of you don't know how to perform a DOS attack and abuse computers,
    > Networks and Servers but you hackers left enough evidence to fry your
    > asses.
    >
    > Tracker


    bla bla bla same shite different day debbie. How are the ferrets doing?

    Jason
     
    Jason, Feb 23, 2004
    #19
  20. donutbandit

    Leythos Guest

    In article <>,
    says...
    > You want to see one bitch ass kicking firewall excerpt which was
    > listing in my book? That *****er was some unique shit and guess some
    > of you don't know how to perform a DOS attack and abuse computers,
    > Networks and Servers but you hackers left enough evidence to fry your
    > asses.
    >
    > Tracker


    You don't sound like tracker, I can't recall a time when tracker started
    cussing so much. Must be a troll (not that tracker isn't a troll).

    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Feb 23, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John
    Replies:
    0
    Views:
    2,232
  2. Patch

    Audible alarm in Zone Alarm?

    Patch, Aug 18, 2003, in forum: Computer Support
    Replies:
    4
    Views:
    1,170
    Patch
    Aug 18, 2003
  3. Don Kelloway
    Replies:
    5
    Views:
    1,016
    Nelson Tam
    Jul 22, 2003
  4. Jones

    Zone Alarm or Zone Alarm Pro?

    Jones, Feb 19, 2004, in forum: Computer Information
    Replies:
    5
    Views:
    624
    Phil Marshall
    Feb 20, 2004
  5. Patrick Dunford
    Replies:
    0
    Views:
    327
    Patrick Dunford
    Jul 15, 2004
Loading...

Share This Page