Full Disclosure: RE: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Full Disclosure mailing list archives

RE: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service

From: "Marc Maiffret" <mmaiffret () eeye com>
Date: Thu, 11 Nov 2004 17:27:52 -0800

Tiny Personal Firewall 6.0 was tested immediately after we had discovered the Kerio bug and the issue did/does not 
exist in the current version of Tiny Personal Firewall 6.0. Only versions of Kerio Personal Firewall 4.0.0 - 4.1.1 are 
affected by the IP Options bug.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities 

Important Notice: This email is confidential, may be legally privileged, and is for the intended recipient only. 
Access, disclosure, copying, distribution, or reliance on any of it by anyone else is prohibited and may be a criminal 
offense.  Please delete if obtained in error and email confirmation to the sender. 

| -----Original Message-----
| From: full-disclosure-admin () lists netsys com 
| [mailto:full-disclosure-admin () lists netsys com] On Behalf Of 
| Jörg Klemenz
| Sent: Thursday, November 11, 2004 2:20 PM
| To: Full-Disclosure
| Subject: Re: [Full-disclosure] EEYE: Kerio Personal Firewall 
| Multiple IP Options Denial of Service
| 
| n3td3v schrieb:
| > On Tue, 9 Nov 2004 10:38:13 -0800, Marc Maiffret 
| <mmaiffret () eeye com> wrote:
| > 
| >>Systems Affected:
| >>Kerio Personal Firewall 4.1.1 and prior
| > 
| > I assume you are not aware of the history of Kerio and how alot of 
| > consumers maybe still on "Tiny" versions of the code.
| > 
| > Tiny Personal Firewall (all versions will also be vulnerable from 
| > this.)
| 
| Does anyone actually *knows* if KPF 2 and the "Tiny" versions 
| are vulnerable to this? Kerio's web page says:
| 
| "Affected products: Kerio Personal Firewall versions 4.0.0 thru 4.1.1"
| 
| This indicates that the error was introduced in version 4, 
| whereas Eeye says "4.1.1 and prior".
| 
| Has anyone seen exploits for this circulating?
| 
| TIA
| 
| --
| joerg klemenz <joerg () gmx net>
| 
| _______________________________________________
| Full-Disclosure - We believe in it.
| Charter: http://lists.netsys.com/full-disclosure-charter.html
| 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

By Date By Thread

Current thread:

EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Marc Maiffret (Nov 09)
- Re: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service n3td3v (Nov 09)
  - Re: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Jörg Klemenz (Nov 11)
    - Re: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Nicolas RUFF (Nov 15)
- <Possible follow-ups>
- RE: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Marc Maiffret (Nov 11)