Vulnerability-Lookup

CERTA-2004-AVI-375

Vulnerability from certfr_avis - Published: 2004-11-22 - Updated: 2004-11-22

Une vulnérabilité dans Kerio Personal Firewall permet à un utilisateur mal intentionné de créer un déni de service sur la plate-forme vulnérable.

Description

Kerio Personal Firewall est un pare-feu personnel.
Une vulnérabilité dans Kerio Personal Firewall permet à un utilisateur mal intentionné de réaliser un déni de service (utilisation de la totalité de la CPU, la machine devenant inutilisable) en envoyant un paquet unique habilement constitué en direction de la machine où se trouve le pare-feu vulnérable.

Solution

Mettre à jour Kerio Personal Firewall en version 4.1.2.
Site Internet de téléchargement de Kerio Personal Firewall :

http://www.kerio.com/kpf_download.html

Kerio Personal Firewall version 4.1.1 et versions antérieures (de la branche 4.0.0).

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité KSEC-2004-11-04-01 du 04 novembre 2004	None	vendor-advisory
Site Internet de Kerio Personal Firewall :	-	other
Bulletin de sécurité de Kerio Technologies KSEC-2004-11-04-01 du 04 novembre 2004 :	-	other
Bulletin de sécurité de eEye Digital Security AD20041109 du 09 novembre 2004 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eKerio Personal Firewall version 4.1.1  et versions ant\u00e9rieures (de la branche 4.0.0).\u003c/p\u003e",
  "content": "## Description\n\nKerio Personal Firewall est un pare-feu personnel.  \nUne vuln\u00e9rabilit\u00e9 dans Kerio Personal Firewall permet \u00e0 un utilisateur\nmal intentionn\u00e9 de r\u00e9aliser un d\u00e9ni de service (utilisation de la\ntotalit\u00e9 de la CPU, la machine devenant inutilisable) en envoyant un\npaquet unique habilement constitu\u00e9 en direction de la machine o\u00f9 se\ntrouve le pare-feu vuln\u00e9rable.\n\n## Solution\n\nMettre \u00e0 jour Kerio Personal Firewall en version 4.1.2.  \nSite Internet de t\u00e9l\u00e9chargement de Kerio Personal Firewall :\n\n    http://www.kerio.com/kpf_download.html\n",
  "cves": [],
  "initial_release_date": "2004-11-22T00:00:00",
  "last_revision_date": "2004-11-22T00:00:00",
  "links": [
    {
      "title": "Site Internet de Kerio Personal Firewall :",
      "url": "http://www.kerio.com/kpf_home.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de Kerio Technologies    KSEC-2004-11-04-01 du 04 novembre 2004 :",
      "url": "http://www.kerio.com/security_advisory.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 de eEye Digital Security AD20041109 du    09 novembre 2004 :",
      "url": "http://www.eeye.com/html/research/advisories/AD20041109.html"
    }
  ],
  "reference": "CERTA-2004-AVI-375",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-11-22T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans Kerio Personal Firewall permet \u00e0 un utilisateur\nmal intentionn\u00e9 de cr\u00e9er un d\u00e9ni de service sur la plate-forme\nvuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 de Kerio Personal Firewall",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 KSEC-2004-11-04-01 du 04 novembre 2004",
      "url": null
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted