qcred11
Jun 22 2004, 04:05 AM
| QUOTE |
Overview: A vulnerability has been found in the 'Mobile Code' filter in ZoneAlarm Pro
Vendor: ZoneLabs (http://www.zonelabs.com)
Affected Systems/Configuration: This test was done on a Windows XP Professional machine, running ZoneAlarm Pro 5.0.590.015. The Internet Explorer version is 6, with all patches.
Vulnerability/Exploit: The new version of ZoneAlarm Pro features "Mobile Code" blocking, which blocks potentially dangerous web objects such as ActiveX, Java Applets, and certain MIME objects. The filter blocks out any "application/*" MIME type. The "Mobile Code" filter integrates with Internet Explorer.
Unfortunately, the "Mobile Code" filter does not filter SSL content. A malicious person could lure a ZoneAlarm Pro user to a malicious SSL site with dangerous "Mobile Code" content; and ZoneAlarm Pro would not filter the "Mobile Code".
Workaround: None so far.
Date Discovered: June 21, 2004
Severity: Medium
Credit: Paul Kurczaba, Kurczaba Associates
|
qcred11
Jun 25 2004, 02:56 PM
Zone Labs response to "ZoneAlarm Pro 'Mobile Code' Bypass Vulnerability"
| QUOTE |
ZoneAlarm Pro, Security Suite and Integrity products which employ Mobile Code Protection/ID Lock features do not inspect encrypted traffic. If mobile code is downloaded via a Secure Sockets Layer (SSL) session, it will not be inspected by these products. This is by design and mandated by the SSL Protocol specification.
The intended purpose of SSL is to "provide privacy and reliability between two communicating applications [1]." Computer users have the expectation their SSL encrypted session will be encrypted end-to-end between the server and client application (in this case, the Web Browser).
As stated in the SSL Protocol Version 3.0:
For SSL to be able to provide a secure connection, both the client and server systems, keys, and applications must be secure [1].
As such, Zone Labs products do not attempt to intercept, decrypt, proxy, or otherwise interfere with the SSL transaction. For our product -- or any other application -- to behave otherwise would violate the intent and design of the SSL specification and could potentially expose and/or risk the confidentiality of the data transmitted in the SSL transaction.
A clarification of this common program limitation will be made in the product help files and program interface.
Zone Labs encourages anyone with concerns about the security of our products or services to contact us at security_at_zonelabs.com.
[1] http://wp.netscape.com/eng/ssl3/draft302.txt
|
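The two posts describe the same behaviour from opposite sides: a filter that sits below the browser and blocks any "application/*" MIME type, and a filter that, by design, never sees inside a TLS session. The following toy model, added here as an illustration and not code from the advisory, from Zone Labs or from ZoneAlarm, makes that coverage gap measurable. Only the application/* rule comes from the advisory; the `Response` type, `filter_decision`, `audit` and the sample responses are constructed for the example, and the HTTPS branch is an assumption modelled on the vendor's statement that encrypted traffic is not inspected.

```python
"""Toy model of a MIME-type 'mobile code' filter and its TLS blind spot.

Constructed illustration for the thread above; not ZoneAlarm code. The
blocking rule (any application/* type) is taken from the advisory; the
Response type, the sample responses and the HTTPS handling are assumptions.
"""
from __future__ import annotations

from dataclasses import dataclass


def parse_content_type(header_value: str) -> tuple[str, dict[str, str]]:
    """Split 'type/subtype; k=v; ...' into a lowercased media type and params.

    A filter must normalise before matching: a raw string compare lets
    'Application/X-FOO ; charset=x' slip past a check for 'application/'.
    """
    media, _, rest = header_value.partition(";")
    params: dict[str, str] = {}
    for part in rest.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            params[key.strip().lower()] = value.strip().strip('"')
    return media.strip().lower(), params


def is_mobile_code(content_type: str) -> bool:
    """Rule stated in the advisory: any application/* MIME type is mobile code."""
    media, _ = parse_content_type(content_type)
    return media.startswith("application/")


@dataclass(frozen=True)
class Response:
    """Constructed stand-in for an HTTP response as seen on the wire."""
    url: str
    content_type: str


def filter_decision(resp: Response) -> str:
    """Decision of a filter placed on the network path, below the browser.

    Assumption matching the vendor response: the TLS payload is opaque to it,
    so headers of https:// responses are never seen and nothing is blocked.
    """
    scheme = resp.url.split("://", 1)[0].lower()
    if scheme == "https":
        return "not-inspected"
    return "blocked" if is_mobile_code(resp.content_type) else "allowed"


def audit(responses: list[Response]) -> tuple[dict[str, str], list[str]]:
    """Return the per-URL decision and the URLs that carried mobile code
    past the filter uninspected (the gap the advisory reports)."""
    decisions = {r.url: filter_decision(r) for r in responses}
    gaps = [
        r.url
        for r in responses
        if decisions[r.url] == "not-inspected" and is_mobile_code(r.content_type)
    ]
    return decisions, gaps


# Constructed sample traffic: same payload type over plain HTTP and over TLS.
SAMPLE = [
    Response("http://example.test/page.html", "text/html; charset=utf-8"),
    Response("http://example.test/tool.exe", "Application/X-MSDOWNLOAD"),
    Response("https://example.test/tool.exe", "application/x-msdownload"),
    Response("https://example.test/page.html", "text/html"),
]

if __name__ == "__main__":
    decisions, gaps = audit(SAMPLE)
    for url, verdict in decisions.items():
        print(f"{verdict:14s} {url}")
    print("uninspected mobile code:", gaps)
```

The point the audit makes is architectural rather than a bug in the rule itself: the MIME-type policy is sound for what it sees, so the mitigation is to enforce the same policy at a layer that does see the decrypted response (the browser's own ActiveX and applet settings, or an endpoint control inside the client), not to weaken TLS so a network-layer filter can read it.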