Juniper Networks

Signature Detail

  • Short Name: MISC:KERIO-AUTH-OF
  • Severity: High
  • Recommended: No
  • Recommended Action: Drop
  • Category: MISC
  • Keywords: Kerio Personal Firewall Authentication Overflow
  • Release Date: 2006/03/02
  • Update Number: 1213
  • Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

MISC: Kerio Personal Firewall Authentication Overflow


This signature detects attempts to exploit a known vulnerability in Kerio Personal Firewall. Kerio Personal Firewall 2.1.4 and earlier are vulnerable. Attackers can send an invalid authentication request to exploit this vulnerability and execute arbitrary code on the target host.

Extended Description

A buffer-overflow vulnerability has been discovered in Kerio Personal Firewall. The problem occurs during the administration authentication process. An attacker could exploit this vulnerability by forging a malicious packet containing an excessive data size. The application then reads this data into a static memory buffer without first performing sufficient bounds checking. Successful exploits of this vulnerability may allow an attacker to execute arbitrary commands on a target system, with the privileges of the firewall. Note that this vulnerability affects Kerio Personal Firewall 2.1.4 and earlier.

Affected Products

  • Kerio Personal Firewall 2 2.1.0
  • Kerio Personal Firewall 2 2.1.1
  • Kerio Personal Firewall 2 2.1.2
  • Kerio Personal Firewall 2 2.1.3
  • Kerio Personal Firewall 2 2.1.4

References

  • BugTraq: 7180
  • CVE: CVE-2003-0220
  • URL: http://www.frsirt.com/exploits/20060228.kerio_auth.pm.php
  • URL: http://marc.theaimsgroup.com/?l=bugtraq&m=105155734411836&w=2
  • URL: http://www.kb.cert.org/vuls/id/454716

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.