NSSI advisory NSSI-2002-keriopfw - The Kerio Personal Firewall 2.x.x firewall can be made to crash if flooded with SYN packets. Tested under Win2k Advance Server with SP3 and WinNT 4.0 with SP6a.
aa968e38233d82058a014061b76600a85e6043ca2aefb3216aa52b804db85ea7NSSI-Research Labs Security Advisory
http://www.nssolution.com (Philippines/.ph)
"Maximum e-security"
http://nssilabs.nssolution.com
Kerio Personal Firewall 2.x.x Denial of Service Vulnerability
Author: Abraham Lincoln Hao / SunNinja
e-Mail: abraham@nssolution.com / SunNinja@Scientist.com
Advisory Code: NSSI-2002-keriopfw
Tested: Under Win2k Advance Server with SP3 / WinNT 4.0 with SP6a
Vendor Status: Vendor inform us to release new version and hopefully it would patch the vulnerability.
Vendors website: http://www.kerio.com
Severity: High
Overview:
Kerio Personal Firewall (KPF) is a software agent that builds a barrier between your personal computer and the Internet. KPF is designed to protect your PC against attacks from both the
Internet, and other computers in the local network.
Kerio Personal Firewall 2.x.x for windows platform contains Denial of Service vulnerability. These vulnerability could allow an attacker to hang-up the host and CPU utilization will hit up to
100%.? Even if your hosts tcp/ip stack is hardened. .
Details:
Test bed:
[*Nix b0x with Synflooder] <===[10/100mbps switch===> [Host with KPF]
1] DoS vulnerability with Kerio Personal Firewall 2.x.x Default Installation
- KPF is vulnerable with Synflood attack by sending minimum of 300 syn packets the target host will stop from responding, 100% of the CPU utilization will be consumed and eventually hangs-up
the machine.
2] Setting the Personal firewall to High Security and Block all services and Protocols.
- It is quite similar to the first one but the personal firewall is configured to block all services and protocols. After sending a minimum of 500 syn packets from port 1-1024. The host will stop from
responding, 100% of the CPU utilization will be consumed.
Workaround:
1] Disable the Personal Firewall or Stop the KPF service. Wiindows with latest security patch or hotfix alone can handle 300-500 syn packets from a single host.
Any Questions? Suggestions? or Comments? let us know. (feel free)
e-mail: nssilabs@nssolution.com / abraham@nssolution.com / infosec@nssolution.com
greetings:
Lawless the saint ;), dig0, b45h3r, jethro, nssilabs team ;), mr. d.f.a and to our webmaster raymund (R2/D2)
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed