Re: Bypassing Personal Firewalls

                          Sygate Security Response

Sygate was made aware of an exposure in Sygate Personal Firewall and Sygate Security Agent on 2/21/2003 by way of the vuln-dev mailing list in a post by xenophi1e (oliver.lavery@sympatico.ca).

Sygate Security Bulletin ID

Description

The reporter of the vulnerability described a problem in Sygate Personal Firewall Pro, ZoneAlarm Pro 3.5, Zero-Knowledge Freedom Firewall, LooknStop 2.04, and Norton Personal Firewall 2003. The reporter of the vulnerability described a problem in which an attacker can bypass a personal

firewall and possibly perform malicious actions.

Impact of this vulnerability

Only versions prior to build 1175 (available 1/29/2003) of Sygate Personal Firewall are impacted by this vulnerability.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Only versions prior to build 1152 (available 10/22/2002) of Sygate Security Agent Maintenance Release 1 are impacted by this vulnerability.

Sygate Personal Firewall and Sygate Security Agent prevent a program from creating a new thread within the address space of Sygate Personal Firewall or Sygate Security Agent and therefore prevents a thread from being created to
execute malicious code.

Affected software

• Sygate Personal Firewall Pro 5.0
• Sygate Personal Firewall 5.0
• Sygate Security Agent

Vulnerability resolution

Sygate Personal Firewall users running a Build prior to 1175 should download the latest version, available at:

http://soho.sygate.com/free/default.php

Sygate Security Agent users should contact their Sygate Enterprise Support Representative for the latest update.

In conformance with RFPolicy, Sygate has a security@sygate.com email address and encourages the security research community to utilize it when reporting exposures in Sygate products.

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Regards,

Seth Knox
Product Manager
Sygate Technologies Received on Mon Feb 24 16:28:04 2003