Author Topic: Kerio Personal Firewall Vulnerability  (Read 4122 times)

0 Members and 1 Guest are viewing this topic.

CharleyO

  • Guest
Kerio Personal Firewall Vulnerability
« on: September 07, 2004, 02:13:29 AM »
*

Since I know some of you use Kerio Personal Firewall, I thought this would be of interest to you.

http://secunia.com/advisories/12468/

*

inthewildteam

  • Guest
Re:Kerio Personal Firewall Vulnerability
« Reply #1 on: September 07, 2004, 02:56:35 AM »
Thanks for the "heads up"" as i was using that until recently.

Gone back to a rules based solution by Outpost because of compatabilty issues with my set-up.  Interesting site btw.

techie101

  • Guest
Re:Kerio Personal Firewall Vulnerability
« Reply #2 on: September 09, 2004, 06:42:58 AM »
Charley,

This was most informative.  Kerio is a widely used product although I never cared for it much.

However, many of our users DO use it, therefore such articles as you submitted are always of great interest.


Thank you
Techie

Offline MWassef

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1315
Re:Kerio Personal Firewall Vulnerability
« Reply #3 on: September 09, 2004, 06:46:55 PM »
quoted from Secunia web page:
Quote
"Kerio Personal Firewall includes an program execution protection feature, which allows users to restrict execution of programs on the system. However, it is possible for a malicious program to bypass this feature by restoring the running kernel's SDT (Service Descriptor Table) ServiceTable by writing directly to the "\Device\PhysicalMemory" section object.

Successful exploitation bypasses the protection and allows a malicious program to execute without prompting the user.

The vulnerability has been reported in version 4.0.16. Other versions may also be affected.
As far as I know ver. 2 (2.1.5) does not have this feature(plz check http://www.kerio.com/kpf_comparison_version.html) , Am I correct or what?
MW

Delta

  • Guest
Re:Kerio Personal Firewall Vulnerability
« Reply #4 on: September 09, 2004, 09:01:17 PM »
Hi Minacross, yes I'm sure you're correct. My understanding of the Secunia article and your link is that it only applies to version 4.x. Just set a strong password in version 2.1.5 and you should be alright.

Delta.

CharleyO

  • Guest
Re:Kerio Personal Firewall Vulnerability
« Reply #5 on: September 11, 2004, 10:31:22 AM »
*

Here's the info on Kerio 2.x :

http://secunia.com/product/1493/

*