Another Kerio vulnerability

Another Kerio vulnerability

am 10.11.2004 15:00:00 von Angus Rodgers

Description: The bug allows an attacker to send a malicious
packet causing 100% CPU utilization and total freeze of the
system. Hard restart is necessary to recover from the freeze
state (in most cases it means physical access to the affected
computer).


Systems Affected:
Kerio Personal Firewall 4.1.1 and prior

Overview:
eEye Digital Security has discovered a severe denial of service
vulnerability in the Kerio Personal Firewall product for Windows.
The vulnerability allows a remote attacker to reliably render a
system inoperative with one single packet. Physical access is
required in order to bring an affected system out of this "frozen"
state. This specific flaw exists within the component that
performs low level processing of TCP, UDP, and ICMP packets.


--
Angus Rodgers
(angus_prune@ eats spam; reply to angusrod@)
Contains mild peril

Re: Another Kerio vulnerability

am 11.11.2004 18:18:36 von Mock Turtle

On Wed, 10 Nov 2004 14:00:00 +0000, Angus Rodgers
wrote:

|Description: The bug allows an attacker to send a malicious
|packet causing 100% CPU utilization and total freeze of the
|system. Hard restart is necessary to recover from the freeze
|state (in most cases it means physical access to the affected
|computer).
|
|
|Systems Affected:
|Kerio Personal Firewall 4.1.1 and prior
|
|Overview:
|eEye Digital Security has discovered a severe denial of service
|vulnerability in the Kerio Personal Firewall product for Windows.
|The vulnerability allows a remote attacker to reliably render a
|system inoperative with one single packet. Physical access is
|required in order to bring an affected system out of this "frozen"
|state. This specific flaw exists within the component that
|performs low level processing of TCP, UDP, and ICMP packets.
|

Would having a router in place (in addition to Kerio) eliminate that
vulnerability or would the packet in question still be an issue?

Re: Another Kerio vulnerability

am 11.11.2004 23:21:04 von mhicaoidh

Taking a moment's reflection, Mock Turtle mused:
|
| Would having a router in place (in addition to Kerio) eliminate that
| vulnerability or would the packet in question still be an issue?

A router would block the packet (assuming no DMZ) before it reached
Kerio ... unless the packet is sent in response to traffic initiated by the
computer running Kerio.