Kerio Personal Firewall URL Handling Denial of Service

#1
11.04.2004, 17:09
joschi (Moderator, posts: 6466)

Quote:

Description:
Emmanouel Kellinis has reported a vulnerability in Kerio Personal Firewall, allowing malicious people to cause a DoS (Denial of Service).

The problem is that Kerio Personal Firewall fails to handle "%12" and "%13" characters in URLs when web filtering is enabled. A single instance reportedly causes the GUI to crash; multiple instances eventually cause Kerio Personal Firewall to crash.

This has been reported in version 4.0.13. Other versions may also be affected.
Solution:
Disable web filtering until an update is available.

Use another product.
Source and more info: http://secunia.com/advisories/11331/
__________
Browse --> Choose --> Examine
#2
14.04.2004, 12:23
Robert (Honorary member, posts: 2283)

Vulnerable Systems:
* Kerio Personal Firewall version 4.0.13

When filtering URLs that contain the characters 0x13, 0x12, 0x13, the GUI
application will crash because it cannot handle them. Kerio can also be
made to crash remotely using URL redirection or an IFRAME. Repeatedly
sending malformed URLs will eventually cause the Firewall to crash
entirely.

Workaround
Disable web filtering completely until an update is available.
__________
powered by http://different-thinking.de - Networks, Protocols, Security, ...
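
A defensive check for the condition both posts describe, as an added example that is not part of the original thread or of any Kerio code: it flags logged request URLs that carry percent-escapes for ASCII control bytes such as %12 and %13, including escapes nested behind an extra layer of encoding (as can happen when a URL is passed inside a redirect parameter). The log format, host names and function names are assumptions made for illustration.

```python
import re

# Percent-escapes that decode to ASCII control bytes 0x00-0x1F or 0x7F.
CTRL_ESCAPE = re.compile(r"%([01][0-9A-Fa-f]|7[Ff])")

# Constructed sample lines in an assumed "client method url" log format.
SAMPLE_LOG = [
    "10.0.0.5 GET http://example.test/index.html",
    "10.0.0.5 GET http://example.test/page?x=%12",
    "10.0.0.7 GET http://example.test/r?next=http%3A%2F%2Fexample.test%2F%2513%2513",
    "10.0.0.9 GET http://example.test/search?q=a%20b",
]


def control_bytes_in_url(url, max_rounds=3):
    """Return the sorted control byte values percent-encoded in url.

    Each round scans for control escapes, then peels one layer of
    encoding from the percent sign itself (%25 -> %), so that nested
    forms such as %2512 are seen as %12 on the next round.
    """
    found = set()
    current = url
    for _ in range(max_rounds):
        found.update(int(m.group(1), 16) for m in CTRL_ESCAPE.finditer(current))
        peeled = current.replace("%25", "%")
        if peeled == current:
            break
        current = peeled
    return sorted(found)


def flag_requests(lines):
    """Return (line_number, control_bytes) for each suspicious log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        fields = line.split()
        if len(fields) < 3:
            continue  # not in the assumed three-field format
        found = control_bytes_in_url(fields[2])
        if found:
            hits.append((number, found))
    return hits


if __name__ == "__main__":
    for number, found in flag_requests(SAMPLE_LOG):
        print(number, [hex(b) for b in found])
```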