Sygate Security Response Sygate was made aware of an exposure in Sygate Personal Firewall and Sygate Security Agent on 2/21/2003 by way of the vuln-dev mailing list in a post by xenophi1e (oliver.laveryat_private). Sygate Security Bulletin ID ---------------------------- SS20030221-0001 Description ------------ The reporter of the vulnerability described a problem in Sygate Personal Firewall Pro, ZoneAlarm Pro 3.5, Zero-Knowledge Freedom Firewall, LooknStop 2.04, and Norton Personal Firewall 2003. The reporter of the vulnerability described a problem in which an attacker can bypass a personal firewall and possibly perform malicious actions. Impact of this vulnerability ----------------------------- Only versions prior to build 1175 (available 1/29/2003) of Sygate Personal Firewall are impacted by this vulnerability. Only versions prior to build 1152 (available 10/22/2002) of Sygate Security Agent Maintenance Release 1 are impacted by this vulnerability. Sygate Personal Firewall and Sygate Security Agent prevent a program from creating a new thread within the address space of Sygate Personal Firewall or Sygate Security Agent and therefore prevents a thread from being created to execute malicious code. Affected software ----------------- * Sygate Personal Firewall Pro 5.0 * Sygate Personal Firewall 5.0 * Sygate Security Agent Vulnerability resolution ------------------------ Sygate Personal Firewall users running a Build prior to 1175 should download the latest version, available at: http://soho.sygate.com/free/default.php Sygate Security Agent users should contact their Sygate Enterprise Support Representative for the latest update. In conformance with RFPolicy, Sygate has a securityat_private email address and encourages the security research community to utilize it when reporting exposures in Sygate products. Regards, Seth Knox Product Manager Sygate Technologies
This archive was generated by hypermail 2b30 : Mon Feb 24 2003 - 13:26:57 PST