Kerio/Tiny Firewall Vulnerability
This came over BugTraq yesterday afternoon. I know that several of you use Tiny Firewall, so I thought you might like to know. I left off the links to the exploit itself, but the fix/patch links are in the text.
Quote:
Hello,
On April 28, 2003, the CoreSecurity team published a security advisory concerning 2 holes in Kerio Personal Firewall, one of which is a remote buffer overflow in the connection process of the remote admin module.
Kerio Personal Firewall uses PFEngine, a common firewall engine, and it proves that the vulnerability is also present in Tiny Personal Firewall!
At the same time, all PFE-based firewall products are vulnerable...
Today, Thursday, May 8, 2003, 6:27 PM, ThreaT (again@#!) from Skin Of Humanity Group released the exploit and the UNOFFICIAL patch for Kerio Personal Firewall version 2.1.4.0 (and previous versions) and Tiny Personal Firewall version 2.0.15.0.
Please enjoy the sources of the patch at:
http://www.s0h.cc/~threat/goodies/PF...es_PFpatch.zip
To correct this problem on your personal firewall, use this address:
http://www.s0h.cc/~threat/goodies/PFpatch/PFpatch.exe