Kerio Personal Firewall 4.0.13 DoS vulnerability

[hypronix]

Below is the report for this flaw:

Formal Report
################################################
Application: Kerio Personal Firewall
Vendors: http://www.kerio.com
Version: 4.0.13
Platforms: Windows
Bug: GUI Crash(D.O.S)
Risk: Medium
Exploitation: Remote with browser
Date: 7 Apr 2004
Author: Emmanouel Kellinis
e-mail: me@cipher(dot)org(dot)uk
web: http://www.cipher.org.uk
#################################################

=======
Product
=======
Kerio Personal Firewall (KPF) helps users control how
their computers exchange data with other computers on
the Internet or local network.


===
Bug
===
Kerio Personal Firewall takes urls using a tool
called web-filter and returns the requested content
to any browser , web filter helps to block adds , popus and
any malicious act comes from web pages. If you pass arbitrary
values with the url Kerio's GUI crashes immediately and if you
repedetely pass arbitrary URLs Kerio will crash completely.

=====================
Proof Of Concept Code
=====================

If a URL contains  HexValue(%13%12%13)
Kerio Firewall v4.0.13 Crashes because it can't process the
given characters.

http://www.cipher.org.uk/index.php?p...r/front.cipher

Kerio can crash remotely , using url redirection or IFRAME
without user's acceptance and can cause DoS Immediately.


To avoid this problem you shoud disable Web Filtering until an update

NOTE: This bug can probably be valid in Version as well 4.0.14
since the Release History there is nothing mentioned about that
http://www.kerio.com/us/kpf_releasehistory.html

Emmanouel Kellinis
http://www.cipher.org.uk

=========================================================
*PK:http://www.cipher.org.uk/files/pgp/c...public.key.txt
=========================================================

Whoever is using this firewall should protect themselves as mentioned above. Hope this helps!

[moxnix]

Kerio Personal Firewall takes urls using a tool
called web-filter and returns the requested content
to any browser , web filter helps to block adds , popus and
any malicious act comes from web pages.

I am using the free version, and this process is disabled after 30 days anyway. Since I use other 3rd party applications to filter web content anyway, I never did use this feature. Any one who does though should disable the Web filtering componants until a patch is issued to fix this problem.

[hypronix]

Hmm well I wouldn't know, I never tried Kerio but I remember some of the users here on AO do so, why not share?

[Tim_axe]

I got the free 30-day filtering Kerio because my Tiny Personal Firewall install got corrupt. I like Tiny better.

Anyways, that was the first feature I disabled when I got Kerio, since it added some funky JavaScript code to do the pop-up blocking and other ad blocking. I don't want the HTML my browser recieves to be masaccred, so I turned it off. I also had problems with Mozilla and 100MB file downloads...Kerio for some reason locked up. Could be from the URL, or the program trying to process that file to remove ads....either way, I didn't like it.

But thanks for the heads up, since I'm pretty sure most people who use it have enabled pop-up blocking, and it makes it difficult to turn the entire thing off (like 5 check boxes to uncheck). Although turning that off could also be bad if you get to a bad website...

-Tim_axe