[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service

To: Full-Disclosure <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: Re: [Full-Disclosure] EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service
From: Jörg Klemenz <joerg@xxxxxxx>
Date: Thu, 11 Nov 2004 23:19:34 +0100

n3td3v schrieb:

On Tue, 9 Nov 2004 10:38:13 -0800, Marc Maiffret <mmaiffret@xxxxxxxx> wrote:
Systems Affected:
Kerio Personal Firewall 4.1.1 and prior
I assume you are not aware of the history of Kerio and how alot of
consumers maybe still on "Tiny" versions of the code.
Tiny Personal Firewall (all versions will also be vulnerable from this.)

Does anyone actually *knows* if KPF 2 and the "Tiny" versions are vulnerable to this? Kerio's web page says:

"Affected products: Kerio Personal Firewall versions 4.0.0 thru 4.1.1"

This indicates that the error was introduced in version 4, whereas Eeye says "4.1.1 and prior".

Has anyone seen exploits for this circulating?

TIA

--
joerg klemenz <joerg@xxxxxxx>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service
  - From: Nicolas RUFF

References:
- [Full-Disclosure] EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service
  - From: Marc Maiffret
- Re: [Full-Disclosure] EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service
  - From: n3td3v

Prev by Date: [Full-Disclosure] Re: New URL spoofing bug in Microsoft Internet Explorer
Next by Date: [Full-Disclosure] IE is just as safe as FireFox
Previous by thread: Re: [Full-Disclosure] EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service
Next by thread: Re: [Full-Disclosure] EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service
Index(es):
- Date
- Thread