Security News -  Security Reviews -   Exploits -  Tools -  UNIX Focus -  Windows Focus
Ask the Team  Mailing Lists  Advertising Info  Advisories  About SecuriTeam  Blogs Brought to you by: Suppliers of: Website Testing Tools Network Testing Tools Software Testing Tools SecuriTeam in Your Inbox New vulnerability? New tool? Tell us (Our PGP key). CanSecWest 2012 2nd Annual Cyber Security Hack In Paris	Kerio Personal Firewall Multiple IP Options DoS 10 Nov. 2004    Summary "Kerio Personal Firewall (KPF) helps users control how their computers exchange data with other computers on the Internet or local network." A machine running Kerio Personal Firewall can be rendered inoperable and frozen due to a single packet from a malicious party. Physical access is then required in order to secure control of the machine again.   Credit: The information has been provided by Marc Maiffret of eEye Digital Security. The original article can be found at: http://www.kerio.com/security_advisory.html Website Security Scan Code Vulnerability Test Network Assessment Tool Detect hidden vulnerabilities Exhaustive automated testing Real-time, continuous security Get guidance from professionals of internal or 3rd party code. scanning for your entire network    Details Protect your website! Use an External Vulnerability Scanner! Nothing to install. First report in 1 hour! www.beyondsecurity.com/vulnerability-scanner Vulnerable Systems:  * Kerio Personal Firewall version 4.1.1 and prior Immune Systems:  * Kerio Personal Firewall version 4.1.2 The DoS flaw exists within the low-level component that handles TCP, UDP and ICMP packets. The vulnerability exists in FWDRV.SYS when trying to parse through the IP Options in a TCP, UDP, or ICMP packet. When an attacker supplies a single TCP, UDP, or ICMP packet with an IP Option followed by a length of 0x00, the FWDRV.SYS driver enters an infinite loop and causes the operating system to "freeze up" to the point where it can no longer be accessed outside of the system itself nor can any part of the GUI be accessed including keyboard and mouse. Note: The only way to bring the system back online is to hard boot the system which requires physical access. The attacker only needs to send a single packet to any port on the system regardless of whether or not the port is open. This flaw is still accessible even if the firewall is set to "stop all traffic" because it still continues to process packets. The vulnerable code maintains an offset into the IP option bytes, and attempts to advance past a variable-length option by adding its length to the offset. If the option's length field is zero, then this will result in an infinite loop and the machine halts completely. It should be noted that since there is not a state requirement for performing this attack, it is possible to spoof a TCP, UDP, or ICMP packet. This results in an attacker's ability to remain anonymous. Vendor Status: Kerio have fixed the vulnerability and have provided an updated version (4.1.2) available from their site at http://www.kerio.com/kpf_download.html Disclosure Timeline: 30-10-2004   Vulnerability reported 09-11-2004   Release date  Comments: blog comments powered by Disqus	All Sections Security News Unix focus Exploits Tools Windows focus Security Reviews  Related Articles Novell Zenworks Software Packaging LaunchHelp.dll Code Execution Vulnerability Novell ZENWorks Software Packaging Antique ActiveX Control Code Execution Vulnerability Microsoft Internet Explorer swapNode Handling Code Execution Vulnerability Microsoft Internet Explorer Select Element Insufficient Type Checking Code Execution Vulnerability Internet Explorer Select Element Cache Code Execution Vulnerability Microsoft Office Graph DataFormat Signed Index Code Execution Vulnerability Microsoft Office Excel Conditional Expression Ptg Type Confusion Vulnerability Microsoft Internet Explorer Protected Mode Bypass Vulnerability Microsoft Internet Explorer 9 STYLE Object Parsing Code Execution Vulnerability Microsoft Internet Explorer XSLT SetViewSlave Code Execution Vulnerability CA Total Defense Suite Gateway Security Malformed HTTP Packet Code Execution Vulnerability HP Easy Printer Care XMLSimpleAccessor Class ActiveX Control Code Execution Vulnerability TrendMicro Control Manager CASProcessor.exe BLOB Code Execution Vulnerability Symantec Veritas Storage Foundation vxsvc.exe Unicode Code Execution Vulnerability HP iNode Management Center iNodeMngChecker.exe Code Execution Vulnerability  Featured Articles ProFTPD Response Pool Use-After-Free Code Execution Vulnerability HP Data Protector Notebook Extension LogClientInstallation SQL Injection Vulnerabilty GE Proficy Historian ihDataArchiver.exe Trusted Header Size Code Execution Vulnerability Novell ZENWorks Software Packaging Antique ActiveX Control Code Execution Vulnerability Adobe Reader U3D IFF RGBA Parsing Code Execution Vulnerability Adobe Reader U3D PCX Parsing Code Execution Vulnerability Cisco Unified Service Monitor brstart add_dm Code Execution Vulnerability
	Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus - Blogs - CVEs

Copyright © 1998-2011 Beyond Security® All rights reserved.
Terms of Use Site Privacy Statement.
SecuriTeam™ is a trademark of Beyond Security®