ISS X-Force Database: zonealarm-tiny-bypass-filter(7671): ZoneAlarm and Tiny Personal Firewall allows non-standard outbound packets to bypass filtering

ZoneAlarm and Tiny Personal Firewall allows non-standard outbound packets to bypass filtering

zonealarm-tiny-bypass-filter (7671)

Medium Risk

Description:

ZoneAlarm and ZoneAlarm Pro could allow an attacker to cause specific outbound packets to bypass firewall filtering rules. If a malicious user with administrative privileges creates packets with protocol adapters other than the Windows standard protocol adapter, the packets can bypass the filtering rules and be transmitted through the firewall.

Platforms Affected:

CheckPoint, ZoneAlarm Pro 2.6
Tiny Software, Tiny Personal Firewall 2.0 and prior
ZoneLabs, ZoneAlarm 2.1
ZoneLabs, ZoneAlarm 2.2
ZoneLabs, ZoneAlarm 2.3
ZoneLabs, ZoneAlarm 2.4
ZoneLabs, ZoneAlarm 2.5
ZoneLabs, ZoneAlarm 2.6
ZoneLabs, ZoneAlarm Pro 2.4

Remedy:

No remedy available as of July 4, 2009.

Consequences:

Bypass Security

References:

BugTraq Mailing List, Thu Dec 06 2001 - 20:50:36 CST, Re: Flawed outbound packet filtering in various personal firewalls at http://archives.neohapsis.com/archives/bugtraq/2001-12/0065.html.
BugTraq Mailing List, Wed Dec 05 2001 - 17:08:57 CST, Flawed outbound packet filtering in various personal firewalls at http://archives.neohapsis.com/archives/bugtraq/2001-12/0056.html.
Hackbusters Web site, OutBound! at http://www.hackbusters.net/ob.html.
Tiny Software, Inc. Web site, Tiny Personal Firewall at http://www.tinysoftware.com/home/tiny?s=7741043568395572227A0&&pg=tpf_summary.
Zone Labs Web site, Products & Solutions at http://www.zonelabs.com/products/index.html.
BID-3647: Multiple Personal Firewall Vendor Outbound Packet Bypass Vulnerability
CVE-2001-1548: ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.
CVE-2001-1549: Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.

Reported:

Dec 05, 2001

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page