Kerio Personal Firewall URL Handling Denial of Service

#1

Zitat

Description:
Emmanouel Kellinis has reported a vulnerability in Kerio Personal Firewall, allowing malicious people to cause a DoS (Denial of Service).

The problem is that Kerio Personal Firewall fails to handle "%12" and "%13" characters in URLs when web filtering is enabled. A single instance reportedly causes the GUI to crash; multiple instances eventually causes Kerio Personal Firewall to crash.

This has been reported in version 4.0.13. Other versions may also be affected.
Solution:
Disable web filtering until an update is available.

Use another product.

Quelle und mehr Info: http://secunia.com/advisories/11331/
__________
Durchsuchen --> Aussuchen --> Untersuchen

#2 Vulnerable Systems:
* Kerio Personal Firewall version 4.0.13

When filtering URLs that contain the characters 0x13, 0x12, 0x13, the GUI
application will crash because it cannot handle them. Kerio can also be
made to crash remotely using URL redirection or an IFRAME. Repeatedly
sending malformed URLs will eventually cause the Firewall to crash
entirely.

Workaround
Disable web filtering completely until an update is available.
__________
powered by http://different-thinking.de - Netze, Protokolle, Sicherheit, ...