CERTA-2004-AVI-375
Vulnerability from certfr_avis

Une vulnérabilité dans Kerio Personal Firewall permet à un utilisateur mal intentionné de créer un déni de service sur la plate-forme vulnérable.

Description

Kerio Personal Firewall est un pare-feu personnel.
Une vulnérabilité dans Kerio Personal Firewall permet à un utilisateur mal intentionné de réaliser un déni de service (utilisation de la totalité de la CPU, la machine devenant inutilisable) en envoyant un paquet unique habilement constitué en direction de la machine où se trouve le pare-feu vulnérable.

Solution

Mettre à jour Kerio Personal Firewall en version 4.1.2.
Site Internet de téléchargement de Kerio Personal Firewall :

http://www.kerio.com/kpf_download.html

Kerio Personal Firewall version 4.1.1 et versions antérieures (de la branche 4.0.0).

Impacted products
Vendor Product Description
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eKerio Personal Firewall version 4.1.1  et versions ant\u00e9rieures (de la branche 4.0.0).\u003c/p\u003e",
  "content": "## Description\n\nKerio Personal Firewall est un pare-feu personnel.  \nUne vuln\u00e9rabilit\u00e9 dans Kerio Personal Firewall permet \u00e0 un utilisateur\nmal intentionn\u00e9 de r\u00e9aliser un d\u00e9ni de service (utilisation de la\ntotalit\u00e9 de la CPU, la machine devenant inutilisable) en envoyant un\npaquet unique habilement constitu\u00e9 en direction de la machine o\u00f9 se\ntrouve le pare-feu vuln\u00e9rable.\n\n## Solution\n\nMettre \u00e0 jour Kerio Personal Firewall en version 4.1.2.  \nSite Internet de t\u00e9l\u00e9chargement de Kerio Personal Firewall :\n\n    http://www.kerio.com/kpf_download.html\n",
  "cves": [],
  "initial_release_date": "2004-11-22T00:00:00",
  "last_revision_date": "2004-11-22T00:00:00",
  "links": [
    {
      "title": "Site Internet de Kerio Personal Firewall :",
      "url": "http://www.kerio.com/kpf_home.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de Kerio Technologies    KSEC-2004-11-04-01 du 04 novembre 2004 :",
      "url": "http://www.kerio.com/security_advisory.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de eEye Digital Security AD20041109 du    09 novembre 2004 :",
      "url": "http://www.eeye.com/html/research/advisories/AD20041109.html"
    }
  ],
  "reference": "CERTA-2004-AVI-375",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-11-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Kerio Personal Firewall permet \u00e0 un utilisateur\nmal intentionn\u00e9 de cr\u00e9er un d\u00e9ni de service sur la plate-forme\nvuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Kerio Personal Firewall",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 KSEC-2004-11-04-01 du 04 novembre 2004",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.