ZoneAlarm Pro Configuration File/Directory Permission Weakness DoS

medium Nessus Plugin ID 14726

Synopsis

This host is running a firewall with a denial of service vulnerability.

Description

This host is running a version of ZoneAlarm Pro that contains a flaw which may allow a local denial of service. To exploit this flaw, an attacker would need to tamper with the files located in %windir%/Internet Logs. An attacker may modify them and prevent ZoneAlarm from starting up properly.

Solution

Upgrade to the latest version of this software.

See Also

https://seclists.org/fulldisclosure/2004/Aug/911

Plugin Details

Severity: Medium

ID: 14726

File Name: zone_alarm_local_dos.nasl

Version: 1.17

Type: local

Family: Firewalls

Published: 9/15/2004

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Vulnerability Publication Date: 8/20/2004

Reference Information

CVE: CVE-2004-2713

CWE: 264