BID:12531

Zone Labs ZoneAlarm Local Denial of Service Vulnerability

Info

Zone Labs ZoneAlarm Local Denial of Service Vulnerability

Bugtraq ID:	12531
Class:	Design Error
CVE:	CVE-2005-0114
Remote:	No
Local:	Yes
Published:	Feb 11 2005 12:00AM
Updated:	Jul 12 2009 10:06AM
Credit:	Discovery is credited to iDEFENSE Labs.
Vulnerable:	Zone Labs ZoneAlarm Security Suite 5.5 .062 Zone Labs ZoneAlarm Security Suite 5.5 Zone Labs ZoneAlarm Security Suite 5.1 Zone Labs ZoneAlarm Pro 5.5 .062 Zone Labs ZoneAlarm Pro 5.1 Zone Labs ZoneAlarm Pro 5.0.590 .015 Zone Labs ZoneAlarm Pro 4.5 .538.001 Zone Labs ZoneAlarm Pro 4.5 Zone Labs ZoneAlarm Pro 4.0 Zone Labs ZoneAlarm Pro 3.1 Zone Labs ZoneAlarm Pro 3.0 Zone Labs ZoneAlarm Pro 2.6 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm Pro 2.4 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm 5.1 Zone Labs ZoneAlarm 4.5 .538.001 Zone Labs ZoneAlarm 4.0 Zone Labs ZoneAlarm 3.7 .202 Zone Labs ZoneAlarm 3.1 Zone Labs ZoneAlarm 3.0 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm 2.6 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm 2.5 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm 2.4 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm 2.3 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm 2.2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Zone Labs ZoneAlarm 2.1 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP6 - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Microsoft Windows NT 4.0 SP3 - Microsoft Windows NT 4.0 SP2 - Microsoft Windows NT 4.0 SP1 - Microsoft Windows NT 4.0 Check Point Software Integrity Client 5.0 Check Point Software Integrity Client 4.5

Not Vulnerable:	Zone Labs ZoneAlarm Security Suite 5.5 .062.011 Zone Labs ZoneAlarm Pro 5.5 .062.011 Zone Labs ZoneAlarm 5.5 .062.011 Check Point Software Integrity Client 5.1.556 .166 Check Point Software Integrity Client 4.4.122 .000

Discussion

Zone Labs ZoneAlarm Local Denial of Service Vulnerability

Multiple ZoneAlarm products and Check Point Integrity Client are reported prone to a local denial of service vulnerability. This issue exists due to an invalid pointer dereference.

A successful attack can result in a denial of service condition in the kernel.

ZoneAlarm Security Suite, ZoneAlarm Pro, and ZoneAlarm versions prior to 5.5.062.011 and Check Point Integrity Client versions prior to 4.5.122.000 and 5.1.556.166 are considered vulnerable to this issue.

Exploit / POC

Zone Labs ZoneAlarm Local Denial of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Zone Labs ZoneAlarm Local Denial of Service Vulnerability

Solution:
The vendor has released ZoneAlarm Security Suite, ZoneAlarm Pro, and ZoneAlarm version 5.5.062.011 to address this issue. Check Point Integrity Client versions 4.5.122.000 and 5.1.556.166 are available to fix this issue as well. Users may download updates automatically or manually from the vendor. Please see references for more information.

References

Zone Labs ZoneAlarm Local Denial of Service Vulnerability

References:

Zone Labs Homepage (Zone Labs)
iDEFENSE Security Advisory 02.11.05: ZoneAlarm Invalid Pointer Vulnerability (iDefense Customer Service )
Zone Labs Security Alert ZL05-01: Zone Labs IPC Instability ("Zone Labs Product Security" )