Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Advisory:Multiple Vulnerabilities in ZoneAlarm
From: "Chris St. Clair" <chris_stclair () HOTMAIL COM>
Date: Wed, 3 Jan 2001 01:52:48 -0000

Whereas I agree it would be desirable for ZoneLabs to fix any >notified
vulnerabilities, I share the view that in terms of RISK the >issue is of
limited importance until an exploit can be devised that >can take advantage
of the theoretical weakness.

As one of the people that found this problem, I can tell you
that during the testing of this issue with ZoneAlarm we developed
methods to exploit it with ~ 85% reliability.

Agreed, there are a lot of things that have to go "just right" in
order to be able to pull it off successfully. And it's also agreed
that the risk level is relatively low. However, the point stands
that there are other products out there that have similar
functionality but do not exhibit the same weaknesses as ZoneAlarm.

-chris

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]