Author Topic: Kerio Personal Firewall Vulnerability  (Read 4101 times)

0 Members and 1 Guest are viewing this topic.

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
Kerio Personal Firewall Vulnerability
« on: September 07, 2004, 02:13:29 AM »
*

Since I know some of you use Kerio Personal Firewall, I thought this would be of interest to you.

http://secunia.com/advisories/12468/

*
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM

Offline inthewildteam

  • Advanced Poster
  • **
  • Posts: 772
  • Computers can do that?
Re:Kerio Personal Firewall Vulnerability
« Reply #1 on: September 07, 2004, 02:56:35 AM »
Thanks for the "heads up"" as i was using that until recently.

Gone back to a rules based solution by Outpost because of compatabilty issues with my set-up.  Interesting site btw.
So? I drive a Citroen

Offline techie101returns

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1900
Re:Kerio Personal Firewall Vulnerability
« Reply #2 on: September 09, 2004, 06:42:58 AM »
Charley,

This was most informative.  Kerio is a widely used product although I never cared for it much.

However, many of our users DO use it, therefore such articles as you submitted are always of great interest.


Thank you
Techie

Offline MWassef

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1315
Re:Kerio Personal Firewall Vulnerability
« Reply #3 on: September 09, 2004, 06:46:55 PM »
quoted from Secunia web page:
Quote
"Kerio Personal Firewall includes an program execution protection feature, which allows users to restrict execution of programs on the system. However, it is possible for a malicious program to bypass this feature by restoring the running kernel's SDT (Service Descriptor Table) ServiceTable by writing directly to the "\Device\PhysicalMemory" section object.

Successful exploitation bypasses the protection and allows a malicious program to execute without prompting the user.

The vulnerability has been reported in version 4.0.16. Other versions may also be affected.
As far as I know ver. 2 (2.1.5) does not have this feature(plz check http://www.kerio.com/kpf_comparison_version.html) , Am I correct or what?
MW

Offline Delta

  • Full Member
  • ***
  • Posts: 105
Re:Kerio Personal Firewall Vulnerability
« Reply #4 on: September 09, 2004, 09:01:17 PM »
Hi Minacross, yes I'm sure you're correct. My understanding of the Secunia article and your link is that it only applies to version 4.x. Just set a strong password in version 2.1.5 and you should be alright.

Delta.

Offline CharleyO

  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 7085
  • Be alert for error code - ID 10T
Re:Kerio Personal Firewall Vulnerability
« Reply #5 on: September 11, 2004, 10:31:22 AM »
*

Here's the info on Kerio 2.x :

http://secunia.com/product/1493/

*
Self-built desktop (8 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_4 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 8_MBAM