Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

ZoneAlarm Local Privilege Escalation Vulnerability

Vulnerability Assessment Summary
Checks version of ZoneAlarm

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote Windows application is prone to a local privilege
escalation issue.

Description :

The remote host is running ZoneAlarm, a firewall for Windows.

The TrueVector service associated with the version of ZoneAlarm
installed on the remote host loads several necessary DLLs as part of
its startup without specifying their pathnames. An attacker with
local access can exploit this flaw to execute arbitrary programs on
the affected host with LOCAL SYSTEM rights.

See also :

http://www.securityfocus.com/archive/1/427122/30/0/threaded
http://download.zonelabs.com/bin/free/securityAlert/51.html

Solution :

Upgrade to ZoneAlarm build 6.1.744.001 or later.

Network Security Threat Level:

Medium / CVSS Base Score : 5.6
(AV:L/AC:H/Au:NR/C:C/I:C/A:C/B:N)

Networks Security ID: 17037

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security
