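Tiny Personal Firewall versions 1.0 and 2.0 contain a vulnerability. A local user can bypass filtering by using non-standard TCP packets created with non-Windows protocol adapters.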
ZoneAlarm has reportedly released a fix that does not allow for transmission of outbound traffic from non-standard protocol adapters. Currently we do not have information on this fix; however, we will update this record when it is available. Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.
ZoneAlarm Pro 1.0/2.x Outbound Packet Bypass Vulnerability (EDBID:21169)
Due to a common design error, it may be possible for outbound packets to bypass packet filtering in many personal firewalls.
Many of these applications only block packets created by the standard Windows protocol adapter. It is possible for a user with administrative privileges to create packets with other protocol adapters that are not evaluated against the personal firewall rules when transmitted.
Exploitation will result in a violation of security policy.
Tiny Personal Firewall, ZoneAlarm and ZoneAlarm Pro are confirmed vulnerable. It is believed that other applications similar in design may also be vulnerable.
Tiny Personal Firewall Non-standard TCP Packet Outbound Filtering Bypass
Remote / Network Access
Loss of Integrity
Tiny Personal Firewall contains a flaw that may allow a remote attacker to bypass the firewall's access control filtering mechanism. The application fails to inspect and block outbound packets generated by alternate protocol stacks, which may allow a remote attacker to bypass outbound filtering by using non-standard TCP packets created with non-Windows protocol adapters, resulting in a loss of integrity.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.