Description
vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer.
Product(s):
- Check Point Integrity Client
- Zone Labs Check Point Integrity Client
- Zone Labs Check Point Integrity Client 4.5.122.000
- Zone Labs Check Point Integrity Client 5.1.556.166
- Zone Labs ZoneAlarm 5.5.062.011
- ZoneLabs ZoneAlarm Wireless Security
- Zone Labs ZoneAlarm Wireless
- Zone Labs ZoneAlarm Wireless 5.5.080.000
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-0114, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-0114 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.