(Vendor Issues Fix) Zone Labs IMsecure Active Link Filtering Function Can Be Bypassed
|
SecurityTracker Alert ID: 1011684 |
|
SecurityTracker URL: http://securitytracker.com/id/1011684
|
CVE Reference:
GENERIC-MAP-NOMATCH
|
Date: Oct 14 2004
|
Impact:
Modification of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 1.5
|
Description:
A vulnerability was reported in IMsecure. A remote user can create a link that will bypass Active Link filtering.
Kurczaba Associates announced that there is a vulnerability in the filtering capability of IMsecure. In some situations, a remote user can create a specially encoded URL that will bypass the Active Link filtering function in IMsecure and IMsecure Pro.
A demonstration exploit URL is provided:
http://[site]/somefile.e%78e
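An added illustration of this class of input validation error, not IMsecure's code (the advisory does not describe the product's filter internals). `%78` is the percent-encoding of `x`, so a check that matches extensions on the raw URL misses `e%78e`, while a check on the canonicalized path catches it. The extension blocklist, the function names and the host `files.example` are assumptions constructed for the example.

```python
from urllib.parse import urlsplit, unquote

# Assumed blocklist for illustration; not taken from IMsecure.
BLOCKED_EXTENSIONS = (".exe", ".scr", ".pif", ".bat")

def naive_is_blocked(url: str) -> bool:
    """Weak check: matches the blocklist against the raw, still-encoded path."""
    path = urlsplit(url).path.lower()
    return path.endswith(BLOCKED_EXTENSIONS)

def canonical_path(url: str, max_rounds: int = 5) -> str:
    """Percent-decode the path until it stops changing, so that double
    encoding such as %2578 is unwrapped too, then lowercase the result.
    Raises ValueError if the path is still changing after max_rounds."""
    path = urlsplit(url).path
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            return decoded.lower()
        path = decoded
    raise ValueError("path still encoded after %d decode rounds" % max_rounds)

def hardened_is_blocked(url: str) -> bool:
    """Match the blocklist against the canonical path; fail closed when the
    path cannot be reduced to a stable form."""
    try:
        path = canonical_path(url)
    except ValueError:
        return True
    return path.endswith(BLOCKED_EXTENSIONS)

# Constructed sample links; the second mirrors the encoding in the advisory.
SAMPLE_URLS = [
    "http://files.example/somefile.exe",
    "http://files.example/somefile.e%78e",
    "http://files.example/somefile.e%2578e",
    "http://files.example/notes.txt",
]

if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{u:45} naive={naive_is_blocked(u)!s:5} "
              f"hardened={hardened_is_blocked(u)}")
```

The same canonicalize-then-match order applies to any filter that keys on a URL substring: decode first, compare second, and treat input that will not settle as blocked.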
|
Impact:
A remote user can create a link that will bypass Active Link filtering.
|
Solution:
The vendor has issued a fixed version (1.5).
For IMsecure Pro update:
http://download.zonelabs.com/bin/updates/imsp/imsp1539AEN9903.html
For IMsecure Update:
http://download.zonelabs.com/bin/updates/ims/ims1539AEN9903.html
|
Vendor URL: download.zonelabs.com/bin/free/securityAlert/16.html
|
Cause:
Input validation error
|
Underlying OS:
Windows (Any)
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Thu, 14 Oct 2004 10:05:03 -0400
Subject: http://download.zonelabs.com/bin/free/securityAlert/16.html
|
Zone Labs IMSecure URL Filtering
Overview: The Zone Labs IMsecure® product line provides security features to help users
use Instant Messaging networks securely and safely.
Under some circumstances, IMsecure and IMsecure Pro may allow specifically encoded URLs
to bypass Active Link filtering. As such, an IMsecure user with Active Link filtering
enabled may receive an unfiltered active link.
Upgrading to the latest release of IMsecure and IMsecure Pro will resolve this issue.
The latest releases of IMsecure and IMsecure Pro are versions 1.5 or newer.
Date Published: October 13, 2004
Date Last Revised: October 13, 2004
Impact: Low risk. Users of IMsecure could receive a URL link to malicious content
despite the Active Link feature being enabled. However, clicking a link in the IMsecure
interface will launch the default web browser—which will also prompt the user before
executing any code. This issue requires direct action by user to present any risk.
Affected Products:
* IMsecure and IMsecure Pro versions older than 1.5
Unaffected Products:
* IMsecure and IMsecure Pro versions 1.5 and newer
* ZoneAlarm® product line
* Check Point Integrity™ product line
Description: Zone Labs IMsecure products contain features to filter URLs sent to the
user. Users may enable or disable these features. A specially crafted URL may bypass
IMsecure product filtering, thereby presenting an active URL link for the user to click
on. This link could be malicious and therefore present increased risk to the end user.
This issue requires direct action by user to present any risk. In all cases, the user
must click the URL link to become exposed to any malicious code. A user cannot be
attacked without taking specific action to click a malicious link.
Recommended Actions: IMsecure and IMsecure Pro users should upgrade to version 1.5 or
newer.
Related Resources:
* IMsecure Pro update:
http://download.zonelabs.com/bin/updates/imsp/imsp1539AEN9903.html
* IMsecure Update:
http://download.zonelabs.com/bin/updates/ims/ims1539AEN9903.html
* Zone Labs Security Response Center:
http://www.zonelabs.com/security/
Acknowledgments: Zone Labs would like to acknowledge Paul Kurczaba for reporting this
issue to Zone Labs.
Contact: Zone Labs customers who are concerned about information contained in this
advisory or have additional technical questions may reach our Technical Support team
at: http://www.zonelabs.com/support/. To report security issues with Zone Labs products
contact security@zonelabs.com.
Disclaimer: The information in the advisory is believed to be accurate at the time of
publishing based on currently available information. Use of the information constitutes
acceptance for use in an AS IS condition. There are no warranties with regard to this
information. Neither the author nor the publisher accepts any liability for any direct,
indirect, or consequential loss or damage arising from use of, or reliance on, this
information. Zone Labs and Zone Labs products, are registered trademarks of Zone Labs
Incorporated. and/or affiliated companies in the United States and other countries. All
other registered and unregistered trademarks represented in this document are the sole
property of their respective companies/owners.
Copyright: ©2004 Zone Labs LLC, A Check Point Company All rights reserved. Zone Labs,
TrueVector, ZoneAlarm, and Cooperative Enforcement are registered trademarks of Zone
Labs LLC, A Check Point Company The Zone Labs logo, Zone Labs Integrity and IMsecure
are trademarks of Zone Labs, Inc. Zone Labs Integrity protected under U.S. Patent No.
5,987,611. Reg. U.S. Pat. & TM Off. Cooperative Enforcement is a service mark of Zone
Labs LLC, A Check Point Company All other trademarks are the property of their
respective owners.
Permission to redistribute this alert electronically is granted as long as it is not
edited in any way unless authorized by Zone Labs. Reprinting the whole or part of this
alert in any medium other than electronically requires permission from Zone Labs.
|