Another Kerio vulnerability
on 10.11.2004 15:00:00 by Angus Rodgers
Description: The bug allows an attacker to send a malicious
packet causing 100% CPU utilization and total freeze of the
system. Hard restart is necessary to recover from the freeze
state (in most cases it means physical access to the affected
computer).
Systems Affected:
Kerio Personal Firewall 4.1.1 and prior
Overview:
eEye Digital Security has discovered a severe denial of service
vulnerability in the Kerio Personal Firewall product for Windows.
The vulnerability allows a remote attacker to reliably render a
system inoperative with one single packet. Physical access is
required in order to bring an affected system out of this "frozen"
state. This specific flaw exists within the component that
performs low level processing of TCP, UDP, and ICMP packets.
--
Angus Rodgers
(angus_prune@ eats spam; reply to angusrod@)
Contains mild peril
Re: Another Kerio vulnerability
on 11.11.2004 18:18:36 by Mock Turtle
On Wed, 10 Nov 2004 14:00:00 +0000, Angus Rodgers wrote:
|Description: The bug allows an attacker to send a malicious
|packet causing 100% CPU utilization and total freeze of the
|system. Hard restart is necessary to recover from the freeze
|state (in most cases it means physical access to the affected
|computer).
|
|
|Systems Affected:
|Kerio Personal Firewall 4.1.1 and prior
|
|Overview:
|eEye Digital Security has discovered a severe denial of service
|vulnerability in the Kerio Personal Firewall product for Windows.
|The vulnerability allows a remote attacker to reliably render a
|system inoperative with one single packet. Physical access is
|required in order to bring an affected system out of this "frozen"
|state. This specific flaw exists within the component that
|performs low level processing of TCP, UDP, and ICMP packets.
|
Would having a router in place (in addition to Kerio) eliminate that
vulnerability or would the packet in question still be an issue?
Re: Another Kerio vulnerability
on 11.11.2004 23:21:04 by mhicaoidh
Taking a moment's reflection, Mock Turtle mused:
|
| Would having a router in place (in addition to Kerio) eliminate that
| vulnerability or would the packet in question still be an issue?
A router would block the packet (assuming no DMZ) before it reached
Kerio ... unless the packet is sent in response to traffic initiated by the
computer running Kerio.