ZoneAlarm Flaw Opens Firewalls To E-mail Attack

Zone Labs has alerted users that several versions of its personal firewall products are vulnerable to a buffer overflow attack conducted via e-mail that could leave supposedly-protected systems open to malicious code assaults, the company said.

The affected editions include the 4.0 versions of ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro; ZoneAlarm Pro 4.5; and Zone Labs Integrity Client 4.0 and 4.5.

"If successfully exploited, a skilled attacker could cause the firewall to stop processing traffic, execute arbitrary code, or elevate malicious code's privileges," ZoneAlarm said Wednesday in the alert posted on its Web site.

The vulnerability, which was first reported by eEye Digital Security, is caused by an unchecked buffer in Simple Mail Transfer Protocol (SMTP) processing, which could in turn lead to a buffer overflow, said ZoneAlarm. To exploit the vulnerability remotely, the target system must be operating as an SMTP server.

"Zone Labs does not recommend using our client security products to protect servers," the company said. Zone Labs also sells a server-specific firewall under its Integrity line.ZoneAlarm users were urged to update their software to version 4.5.538.001, while Integrity Client 4.0 and 4.5 users should upgrade to versions 4.0.146.046 and 4.5.085, respectively. More details on the vulnerability and upgrade instructions can be found on the Zone Labs Web site.