Kerio Personal Firewall 4.0.13 DoS vulnerability
Results 1 to 4 of 4

Thread: Kerio Personal Firewall 4.0.13 DoS vulnerability

  1. #1
    Senior Member
    Join Date
    Jul 2003
    Posts
    813

    Kerio Personal Firewall 4.0.13 DoS vulnerability

    Below is the report for this flaw:

    Formal Report
    ################################################
    Application: Kerio Personal Firewall
    Vendors: http://www.kerio.com
    Version: 4.0.13
    Platforms: Windows
    Bug: GUI Crash(D.O.S)
    Risk: Medium
    Exploitation: Remote with browser
    Date: 7 Apr 2004
    Author: Emmanouel Kellinis
    e-mail: me@cipher(dot)org(dot)uk
    web: http://www.cipher.org.uk
    #################################################

    =======
    Product
    =======
    Kerio Personal Firewall (KPF) helps users control how
    their computers exchange data with other computers on
    the Internet or local network.


    ===
    Bug
    ===
    Kerio Personal Firewall takes urls using a tool
    called web-filter and returns the requested content
    to any browser , web filter helps to block adds , popus and
    any malicious act comes from web pages. If you pass arbitrary
    values with the url Kerio's GUI crashes immediately and if you
    repedetely pass arbitrary URLs Kerio will crash completely.

    =====================
    Proof Of Concept Code
    =====================

    If a URL contains  HexValue(%13%12%13)
    Kerio Firewall v4.0.13 Crashes because it can't process the
    given characters.

    http://www.cipher.org.uk/index.php?p...r/front.cipher

    Kerio can crash remotely , using url redirection or IFRAME
    without user's acceptance and can cause DoS Immediately.


    To avoid this problem you shoud disable Web Filtering until an update

    NOTE: This bug can probably be valid in Version as well 4.0.14
    since the Release History there is nothing mentioned about that
    http://www.kerio.com/us/kpf_releasehistory.html

    Emmanouel Kellinis
    http://www.cipher.org.uk

    =========================================================
    *PK:http://www.cipher.org.uk/files/pgp/c...public.key.txt
    =========================================================
    Whoever is using this firewall should protect themselves as mentioned above. Hope this helps!

  2. #2
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Kerio Personal Firewall takes urls using a tool
    called web-filter and returns the requested content
    to any browser , web filter helps to block adds , popus and
    any malicious act comes from web pages.
    I am using the free version, and this process is disabled after 30 days anyway. Since I use other 3rd party applications to filter web content anyway, I never did use this feature. Any one who does though should disable the Web filtering componants until a patch is issued to fix this problem.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  3. #3
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    Hmm well I wouldn't know, I never tried Kerio but I remember some of the users here on AO do so, why not share?
    /\\

  4. #4
    Senior Member
    Join Date
    Oct 2001
    Posts
    786
    I got the free 30-day filtering Kerio because my Tiny Personal Firewall install got corrupt. I like Tiny better.

    Anyways, that was the first feature I disabled when I got Kerio, since it added some funky JavaScript code to do the pop-up blocking and other ad blocking. I don't want the HTML my browser recieves to be masaccred, so I turned it off. I also had problems with Mozilla and 100MB file downloads...Kerio for some reason locked up. Could be from the URL, or the program trying to process that file to remove ads....either way, I didn't like it.

    But thanks for the heads up, since I'm pretty sure most people who use it have enabled pop-up blocking, and it makes it difficult to turn the entire thing off (like 5 check boxes to uncheck). Although turning that off could also be bad if you get to a bad website...

    -Tim_axe

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •