ZoneAlarm port scan port 67 denial of service
| zonealarm-portscan (4356) |  Medium Risk |
Description:
ZoneAlarm does not block packets with a source port of 67 or generate an alert. A remote attacker can perform a port scan on the system by specifying a source port of 67.
Platforms Affected:
- ZoneLabs, ZoneAlarm
Remedy:
Upgrade to the latest version of ZoneAlarm (2.1.25 or later), available from the Zone Labs Web site. See References.
Consequences:
Bypass Security
References:
- BugTraq Mailing List, Thu Apr 20 2000 - 23:41:23 CDT, ZoneAlarm at http://archives.neohapsis.com/archives/bugtraq/2000-04/0145.html.
- Zone Labs Web site, ZoneAlarm 2.1.25 at http://www.zonelabs.com/download/index.html.
- BID-1137: ZoneAlarm Personal Firewall Port 67 Vulnerability
- CVE-2000-0339: ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source port of 67, which allows remote attackers to bypass the firewall rules.
- OSVDB ID: 1294: ZoneAlarm Personal Firewall UDP Source Port 67 Bypass
Reported:
Apr 24, 2000
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net