Use ZoneAlarm? Get the update!
If you use the ZoneAlarm firewall (any version 4.0 or newer), read this advisory and update your product. A vulnerability has been discovered that is a perfect exploit playground for e-mail worms. Kudos to ZoneLabs for getting the fix out so quickly.
ZoneAlarm Bug Bares System to E-Mail Attack
ZoneAlarm Bug Bares System To E-Mail Attack
By Larry Seltzer
February 20, 2004
Security vendor Zone Labs has disclosed that several versions of its personal-firewall products are vulnerable to a buffer-overflow attack that could compromise the system.
ZoneAlarm, ZoneAlarm Plus and ZoneAlarm Pro 4.0.0 versions; ZoneAlarm Pro 4.5.0; as well as Zone Labs Integrity Client 4.0.0 are vulnerable, the company said. Versions earlier than 4.0.0 are not. ZoneAlarm users are advised to upgrade to Version 4.5.538.001. (See the Zone Labs advisory for more details and how to obtain the upgrades.