Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > February 2005 > Zone Labs Security Alert ZL05-01 - Zone Labs IPC Instability

February 2005

Zone Labs Security Alert ZL05-01 - Zone Labs IPC Instability

ID: 00138
Ref: 121/2005
Date: 14 February 2005:15:42:49
Version: 1
Title: Zone Labs Security Alert ZL05-01 - Zone Labs IPC Instability
Abstract:
Vendors affected: ZoneLabs
Operating systems affected: ZoneLabs
Applications affected: ZoneLabs
Title
=====

Zone Labs Security Alert ZL05-01 - Zone Labs IPC Instability

Detail
======

ZoneAlarm Security Suite, ZoneAlarm Pro, ZoneAlarm and
Check Point Integrity monitor specific IPC messages. Using specially
crafted code, it is possible to cause the software or system to lock.
This vulnerability requires local system access -- remote attackers
cannot use this vulnerability to attack an affected system.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Zone Labs Security Alert ZL05-01
Zone Labs IPC Instability

Date Published February 11, 2005
Date Last Revised February 11, 2005

Severity Low

Overview
- - --------
The ZoneAlarm family of products and Check Point Integrity
have been updated to address a low risk vulnerability in
their Inter-Process Communication (IPC) functions.

Impact
- - ------
A local user could cause the system to lock. This
vulnerability requires local access to the system --
remote attackers cannot use this vulnerability to attack
an affected system.

This issue presents no other risks to the computer user.

Affected Products
* ZoneAlarm Security Suite, ZoneAlarm Pro, ZoneAlarm,
Check Point Integrity Clients

Unaffected Products
* No other Zone Labs products are affected by this issue

Description
- - -----------
ZoneAlarm Security Suite, ZoneAlarm Pro, ZoneAlarm and
Check Point Integrity monitor specific IPC messages. Using specially
crafted code, it is possible to cause the software or system to lock.
This vulnerability requires local system access -- remote attackers
cannot use this vulnerability to attack an affected system.

This vulnerability is resolved in versions:

* Check Point Integrity Client versions 4.5.122.000 and
5.1.556.166

* ZoneAlarm Security Suite, ZoneAlarm Pro, ZoneAlarm,
ZoneAlarm with Antivirus version 5.5.062.011

* ZoneAlarm Wireless verion 5.5.080.000

Users configured to receive automatic product updates have received this
update automatically. Users configured to receive manual updates should
use the Check For Update option -- see the "Recommended Actions" section below.

Recommended Actions
- - -------------------
Check Point Integrity

Check Point Integrity administrators can upgrade to Check
Point Integrity Client version 4.5.122.000 or 5.1.556.166
to resolve this issue.


Recommended Actions
- - -------------------
ZoneAlarm family

ZoneAlarm Security Suite, ZoneAlarm Pro and ZoneAlarm users with automatic
updates enabled have received the patch through a product update.

Users with automatic updates:
You receive the update automatically. No further action is required.

Users with manual updates:
To manually update your Zone Labs software:

1. Select Overview | Preferences.

2. In the Check For Update section, click Check For
Update.

3. If neccesary, follow the instructions to update your
software.

Related Resources
- - -----------------
* Zone Labs Security Response Center:
http://www.zonelabs.com/security

* Zone Labs Security Alert ZL05-01:
http://download.zonelabs.com/bin/free/securityAlert/19.html

Acknowledgments
- - ---------------
This issue was originally reported by iDEFENSE.

Contact
- - -------
Zone Labs customers may direct vulnerability concerns or additional
technical questions to Technical Support:
http://www.zonelabs.com/support/

To report security issues with Zone Labs products contact:
security@zonelabs.com

Disclaimer
- - ----------
The information in the advisory is believed to be accurate
at the time of publishing based on currently available information.
Use of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the author
nor the publisher accepts any liability for any direct, indirect, or
consequential loss or damage arising from use of, or reliance on, this
information. Zone Labs and Zone Labs products, are registered trademarks
of Zone Labs, LLC. and/or affiliated companies in the United States and
other countries. All other registered and unregistered trademarks represented
in this document are the sole property of their respective companies/owners.

Copyright
- - ---------
(C) 2005 Zone Labs LLC. All rights reserved. Zone Labs, TrueVector, ZoneAlarm,
and Cooperative Enforcement are registered trademarks of Zone Labs LLC. T he Zone Labs logo, and IMsecure are trademarks of Zone Labs, Inc. Zone Labs
Integrity protected under U.S. Patent No. 5,987,611. Reg. U.S. Pat. & TM Off..
All other trademarks are the property of their respective owners.

Any reproduction of this alert other than as an unmodified
copy of this file requires authorization from Zone Labs. Permission to
electronically redistribute this alert in its unmodified form is granted.
All other rights, including the use of other media, are reserved by Zone Labs,
a division of Check Point.

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3

iQA/AwUBQg0TM1DxXw2Is3mLEQL3qACgvJ9tNrMB26unbmPcsyZRO8bpq6gAoP4X
wWzW/k5o0J+odeAdpW41GeeW
=G6j5
- -----END PGP SIGNATURE-----
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |