mailing list archives
s0h: Kerio Personal Firewall and Tiny Personal Firewall remote exploit/patch.
From: descript <descript () sv98 s0h cc>
Date: Thu, 8 May 2003 20:40:20 +0000
April 28, 2003, the CoreSecurity team publishes security advisory concerning 2 holes in Kiero Personal Firewall, of
which one of both is Remote Buffer Overflow in the process of connection of the remote admin module.
Kiero Personal Firewall using PFEngine, an common firewall engine, it proves that the vulnerability is also present in
Tiny Personal Firewall!
In the same time, every PFE firewall based products are vulnerable...
Today, the Thursday, May 8, 2003 6:27 PM, ThreaT (again () #!) from Skin Of Humanity Group released the exploit and the
UNOFFICIAL patch for Kerio Personal Firewall version 22.214.171.124 (and previous versions) and Tiny Personal Firewall version
Please enjoy sources of the patch at : http://www.s0h.cc/~threat/goodies/PFpatch/sources_PFpatch.zip
To correct this problem on your personnal firewall use this address :
To understanding the hole and the exploitation method please get the exploit at
A french advisory was writed at http://s0h.cc/~threat/goodies/PFpatch/
Sight that Kiero did not want to answer the CoreSecurity request, we did not inform Kerio. i think they do not
understood what it passed. (no offence).
Special Thanks to :
- Emiliano Kargieman from CoreSecurity
- Hern?n Gips from CoreSecurity
- Javier Burroni from CoreSecurity
- ThreaT from Skin Of Humanity
Please note :
The Skin Of Humanity Group protect all its members.if a problem occurs concerning this diffusion, the author is not
responsible, the leader of the group is in all the responsible case of cause. Since the diffusion does not come from
the creator but from the group. Thank you.
Best regards and respect,
Descript. <descript () s0h cc>
Skin Of Humanity
- s0h: Kerio Personal Firewall and Tiny Personal Firewall remote exploit/patch. descript (May 08)