[18408] in bugtraq


Re: Advisory:Multiple Vulnerabilities in ZoneAlarm

daemon@ATHENA.MIT.EDU (Chris St. Clair)
Wed Jan 3 11:47:57 2001

Mime-Version: 1.0
Content-Type: text/plain; format=flowed
Message-Id:  <F9kEPF3cMnA0VYqMhmh00003deb@hotmail.com>
Date:         Wed, 3 Jan 2001 01:52:48 -0000
Reply-To: "Chris St. Clair" <chris_stclair@HOTMAIL.COM>
From: "Chris St. Clair" <chris_stclair@HOTMAIL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM

>Whereas I agree it would be desirable for ZoneLabs to fix any notified
>vulnerabilities, I share the view that in terms of RISK the issue is of
>limited importance until an exploit can be devised that can take advantage
>of the theoretical weakness.

As one of the people that found this problem, I can tell you
that during the testing of this issue with ZoneAlarm we developed
methods to exploit it with ~ 85% reliability.

Agreed, there are a lot of things that have to go "just right" in
order to be able to pull it off successfully. And it's also agreed
that the risk level is relatively low. However, the point stands
that there are other products out there that have similar
functionality but do not exhibit the same weaknesses as ZoneAlarm.

-chris
