BID:12946

Kerio Personal Firewall Local Network Access Restriction Bypass Vulnerability

Info

Kerio Personal Firewall Local Network Access Restriction Bypass Vulnerability

Bugtraq ID:	12946
Class:	Design Error
CVE:	CVE-2005-0964
Remote:	No
Local:	Yes
Published:	Mar 30 2005 12:00AM
Updated:	Jul 12 2009 11:56AM
Credit:	Petr Matousek of Masaryk University is credited with the discovery of this issue.
Vulnerable:	Kerio Personal Firewall 4.1.2 Kerio Personal Firewall 4.1.1 Kerio Personal Firewall 4.1 Kerio Personal Firewall 4.0.16 Kerio Personal Firewall 4.0.10 Kerio Personal Firewall 4.0.9 Kerio Personal Firewall 4.0.8 Kerio Personal Firewall 4.0.7 Kerio Personal Firewall 4.0.6

Not Vulnerable:	Kerio Personal Firewall 4.1.3

Discussion

Kerio Personal Firewall Local Network Access Restriction Bypass Vulnerability

A local network access restriction bypass vulnerability affects Kerio Personal Firewall. This issue is due to a design error that causes the application to fail to properly validate the origin of network requests.

An attacker may leverage this issue to bypass network access restrictions, potentially leading administrators to a false sense of security.

Exploit / POC

Kerio Personal Firewall Local Network Access Restriction Bypass Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Kerio Personal Firewall Local Network Access Restriction Bypass Vulnerability

Solution:
The vendor has released an advisory along with an upgrade dealing with this issue. Users are advised to contact the vendor for more information on obtaining the updated packages.

Kerio Personal Firewall 4.0.10