Kerio Personal Firewall Vulnerability

[CharleyO]

*

Since I know some of you use Kerio Personal Firewall, I thought this would be of interest to you.

http://secunia.com/advisories/12468/

*

[inthewildteam]

Thanks for the "heads up"" as i was using that until recently.

Gone back to a rules based solution by Outpost because of compatabilty issues with my set-up.  Interesting site btw.

[techie101]

Charley,

This was most informative.  Kerio is a widely used product although I never cared for it much.

However, many of our users DO use it, therefore such articles as you submitted are always of great interest.


Thank you
Techie

[MWassef]

quoted from Secunia web page:

"Kerio Personal Firewall includes an program execution protection feature, which allows users to restrict execution of programs on the system. However, it is possible for a malicious program to bypass this feature by restoring the running kernel's SDT (Service Descriptor Table) ServiceTable by writing directly to the "\Device\PhysicalMemory" section object.

Successful exploitation bypasses the protection and allows a malicious program to execute without prompting the user.

The vulnerability has been reported in version 4.0.16. Other versions may also be affected.

As far as I know ver. 2 (2.1.5) does not have this feature(plz check http://www.kerio.com/kpf_comparison_version.html) , Am I correct or what?

[Delta]

Hi Minacross, yes I'm sure you're correct. My understanding of the Secunia article and your link is that it only applies to version 4.x. Just set a strong password in version 2.1.5 and you should be alright.

Delta.

[CharleyO]

*

Here's the info on Kerio 2.x :

http://secunia.com/product/1493/

*