ZoneAlarm and Tiny Personal Firewall allows non-standard outbound packets to bypass filtering
| zonealarm-tiny-bypass-filter (7671) |  Medium Risk |
Description:
ZoneAlarm and ZoneAlarm Pro could allow an attacker to cause specific outbound packets to bypass firewall filtering rules. If a malicious user with administrative privileges creates packets with protocol adapters other than the Windows standard protocol adapter, the packets can bypass the filtering rules and be transmitted through the firewall.
Consequences:
Bypass Security
Remedy:
No remedy available as of July 9, 2011.
References:
- BugTraq Mailing List, Thu Dec 06 2001 - 20:50:36 CST: Re: Flawed outbound packet filtering in various personal firewalls.
- BugTraq Mailing List, Wed Dec 05 2001 - 17:08:57 CST: Flawed outbound packet filtering in various personal firewalls.
- Hackbusters Web site: OutBound!.
- Tiny Software, Inc. Web site: Tiny Personal Firewall.
- Zone Labs Web site: Products & Solutions.
- BID-3647: Multiple Personal Firewall Vendor Outbound Packet Bypass Vulnerability
- CVE-2001-1548: ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
- CVE-2001-1549: Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
Platforms Affected:
- CheckPoint ZoneAlarm 2.1
- CheckPoint ZoneAlarm 2.2
- CheckPoint ZoneAlarm 2.3
- CheckPoint ZoneAlarm 2.4
- CheckPoint ZoneAlarm 2.4 Pro
- CheckPoint ZoneAlarm 2.5
- CheckPoint ZoneAlarm 2.6
- CheckPoint ZoneAlarm 2.6 Pro
- Tiny Software Tiny Personal Firewall 2.0
Reported:
Dec 05, 2001
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net