[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ZA Security Hole

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: ZA Security Hole
From: Samps <samps@xxxxxxxxxxxx>
Date: Fri, 16 Apr 2004 09:51:29 +0930

Damjan Kreft wrote:

Hello!

I think, I discover some kind of security hole in ZoneAlaram - any version. The problem is hidding in E-mail Protection. Because I'm form Slovenia (not Slovakia), our alphabet does have some letters with roof (c - č, s - š, z - ž). And when the name of e-mail attachment contain any of these three letters, it don't go to the qurarantine (if the attachment do have right extension of course).

Greets, Damjan

I played around a bit to find out whether my own computer (with ZoneAlarm Pro) was vulnerable and, accidentally, found a similar behaviour from my ISPs mailserver, apparently being Exim 4.24.

When attaching any 'normally' named .EXE, my email is returned to me by Exim, with a note saying: "This kind of attachment is not good for you.....". If I rename the same .EXE to, say, (c).exe, it gets delivered and ZoneAlarm lets it in without quarantining it.

Two bugs for the price of one!


cheers
Samps

Follow-Ups:
- Re: ZA Security Hole
  - From: Patrick Brauch

References:
- ZA Security Hole
  - From: Damjan Kreft

Prev by Date: [OpenPKG-SA-2004.016] OpenPKG Security Advisory (neon)
Next by Date: [securityzone@macromedia.com: New Macromedia Security Zone Bulletin Posted]
Previous by thread: ZA Security Hole
Next by thread: Re: ZA Security Hole
Index(es):
- Date
- Thread