Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service
From: Nicolas RUFF <ruff.lists () edelweb fr>
Date: Mon, 15 Nov 2004 11:55:13 +0100

Does anyone actually *knows* if KPF 2 and the "Tiny" versions are vulnerable to this? Kerio's web page says:
> ...
> Has anyone seen exploits for this circulating?

Just tried on my box : TPF v2.0.15A built on 22/10/2001 is not vulnerable to the K-Otik exploit.


(BTW, I guess someone could craft a much simpler exploit with HPING ...)

-Nicolas RUFF
Security Consultant, EdelWeb

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]