| VID |
28092 |
| Severity |
30 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
According to its version number, the ZoneAlarm PC firewall has a ruleset bypass vulnerability. ZoneAlarm is a personal firewall by Zone Labs for Microsoft Windows computers. ZoneAlarm versions 2.1.14 and earlier do not filter UDP packets with a source port of 67 and do not generate an alert for them, which allows remote attackers to bypass the firewall rules. An attacker can also port scan the system by specifying a source port of 67.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check is not performed, which results in a false negative for all vulnerable hosts.
* References: http://www.securityfocus.com/archive/1/56370
* Platforms Affected: Zone Labs ZoneAlarm versions 2.1.24 and earlier; Microsoft Windows, any version |
| Recommendation |
Upgrade to the latest version of ZoneAlarm (2.1.25 or later), available from the Zone Labs Web site at http://www.zonelabs.com/download/index.html |
| Related URL |
CVE-2000-0339 (CVE) |
| Related URL |
1137 (SecurityFocus) |
| Related URL |
4356 (ISS) |
|