Bugtraq has reported that a bug has been discovered in Zone Alarm Pro

Cweeks

Member
Sep 23, 2000
Madrid, 12 November, 2001 -

According to information published on Bugtraq
(at http://www.securityfocus.com/archive/1/225205) a bug has been discovered
in Zone Alarm Pro, firewall software for Windows widely used by home users.
This vulnerability can cause the program to treat Internet addresses as
local addresses.

ZoneAlarm Pro lets users protect computers easily without having to use any
additional hardware. Apparently, the bug has been detected in ZoneAlarm
Pro's latest version (2.6.357), although it may possibly appear in other
versions of the program, including the freeware version.

As with Internet Explorer, ZoneAlarm Pro (ZAP) can be configured for local
and Internet connections. However, in some cases, the program recognizes
some Internet addresses as local, thus assigning them the lowest security
level. To be precise, every connection with the first octets matching the
user's IP will be treated as local. So for example, if the user's IP address
is 456.456.456.456, the program will apply a local security level to any
connection established from a 456.456.*.* address. This will result in the
connection having the lowest safety guarantees, which could enable attacks
from malicious users.


Hope this helps zone alarm users.
If it has already been posted, sorry; I did a search and could find no reference to this.

cipher00

Golden Member
Jan 29, 2001
Very interesting. I wonder what happens when ZAP is located behind a router with a "local" address for the router. Hmmmm.

RagManX

Golden Member
Oct 16, 1999
I'm not really sure why this is such a big issue, personally. My understanding is, this is *NOT* the default behavior, and you would have to set this option manually. All it does is make every device on the same class B network count as local. If you are behind a NAT device using RFC1918 addresses, this isn't a problem, as it just means everyone on your local net will be counted as local.

RagManX
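To make the two points in this thread concrete (the advisory's rule that anything sharing the user's first two octets counts as "local", and RagManX's observation that behind a NAT device on RFC 1918 space this buys an attacker nothing), here is an added example that models both rules side by side. It is my own illustration, not code from ZoneAlarm or from the Bugtraq post: the "flawed" function is an assumption about how the advisory's rule behaves, the "strict" function is the hardened alternative (trust only an explicitly configured subnet), and every address is constructed from documentation ranges.

```python
import ipaddress

# RFC 1918 private blocks. A packet sourced from one of these cannot reach a
# host from the Internet through a NAT device, which is RagManX's point.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def flawed_is_local(user_ip: str, peer_ip: str) -> bool:
    """Assumed model of the rule the advisory describes: a peer is 'local'
    whenever its first two octets match the user's own address, i.e. the
    entire /16 around the user is trusted."""
    return user_ip.split(".")[:2] == peer_ip.split(".")[:2]


def strict_is_local(trusted_networks, peer_ip: str) -> bool:
    """Hardened rule: 'local' means the peer lies inside a network the user
    has explicitly marked as trusted (normally the real LAN subnet)."""
    peer = ipaddress.ip_address(peer_ip)
    return any(peer in ipaddress.ip_network(net) for net in trusted_networks)


def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def wrongly_trusted_peers(user_ip, trusted_networks, peers):
    """Peers the flawed rule trusts, the strict rule rejects, and that are
    not RFC 1918 (so an outside attacker could actually source them)."""
    return [p for p in peers
            if flawed_is_local(user_ip, p)
            and not strict_is_local(trusted_networks, p)
            and not is_rfc1918(p)]


if __name__ == "__main__":
    # Constructed scenario 1: user directly on a public address
    # (198.51.100.0/24 is a documentation range standing in for a real ISP block).
    # 198.51.7.200 shares the first two octets but is outside the user's LAN.
    print(wrongly_trusted_peers("198.51.100.7", ["198.51.100.0/24"],
                                ["198.51.100.20", "198.51.7.200", "203.0.113.9"]))
    # Constructed scenario 2: user behind NAT on 192.168.1.10. The flawed rule
    # trusts all of 192.168.0.0/16, but none of it is reachable from outside.
    print(wrongly_trusted_peers("192.168.1.10", ["192.168.1.0/24"],
                                ["192.168.1.20", "192.168.5.5", "203.0.113.9"]))
```

The first scenario reports 198.51.7.200 as a peer the firewall would wrongly treat as local; the second reports nothing, because every address the /16 rule sweeps in is private and cannot arrive through the NAT. The difference is exactly why the bug matters to a user on a directly assigned public address (cable or DSL without a router) and much less to one behind NAT.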