Firewall-fooling flaw exposed
A flaw in some of ZoneAlarm's security applications could have wide-reaching implications
Malicious code masquerading as a trusted application could trick a ZoneAlarm firewall into letting it connect to the Internet, security experts have warned.
The issue affects the popular free ZoneAlarm firewall and default installations of version 5.5 and earlier of the paid product, maker Zone Labs said in a security advisory on Thursday. Default installations of the Check Point Integrity Client are also affected, but the paid ZoneAlarm 6.0 products, released in July, are not, Zone Labs said.
"If successfully exploited, a malicious program may be able to access the network via a trusted program," Zone Labs, which is part of Check Point, said in its advisory. If the malicious program attempted a direct connection to the Internet, it would be blocked by the firewall.
An example of the technique was published earlier this week by security researcher Debasis Mohanty. The method uses a Windows mechanism for linking applications, according to Mohanty, who also said the problem may exist in other firewall products.
An attacker could trick the firewall by linking a keystroke logger or other malicious program to another application ? Internet Explorer, for example. When the keystroke logger subsequently sends its captured data out, the firewall would see IE, not the spyware, accessing the Internet and allow the connection.
More:
http://news.zdnet.co.uk/0,39020330,39225410,00.htm
PC Help Forum
» Security & Safety
» Security Watch
»
Firewall-fooling flaw exposed in ZoneAlarm.
Firewall-fooling flaw exposed in ZoneAlarm.
Linear Mode
