SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Firewall)  >   Kerio Personal Firewall Vendors:   Kerio Technologies
(Vendor Denies Vulnerability) Re: Kerio Personal Firewall Allows Remote Users to Cause a Protected Host to Crash
SecurityTracker Alert ID:  1005149
SecurityTracker URL:  http://securitytracker.com/id/1005149
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 28 2002
Impact:   Denial of service via network

Version(s): 2.x.x
Description:   A denial of service vulnerability was reported in the Kerio Personal Firewall software for Microsoft Windows operating systems. A remote user can cause a host protected by the firewall software to crash.

NSSI-Research Labs warned that a remote user could cause the protected host's CPU utilization to reach 100%, even if the host's TCP/IP stack has been hardened.

It is reported that the firewall is vulnerable to SYN flood attacks. A remote user can send 300 or more TCP SYN packets to cause the target host to stop responding and the host to eventually crash.

If the firewall is set to block all services and protocols, a remote user can send 500 or more TCP SYN packets to cause the target host to stop responding and CPU utilization to reach 100%.

Impact:   A remote user can cause CPU utilization to reach 100% or the protected target host to crash.
Solution:   The vendor has replied that the product is not vulnerable.

The vendor has reportedly made the following statement:

"Defense against this type of DOS attack is a job of the underlying operating system's TCP/IP stack. The following link contains information on how to enable SYN flooding protection on Windows NT, 2000 or XP:

http://www.microsoft.com/technet/security/prodtech/network/secdeny.asp

Author of the advisory was not able to provide us with any details on the XSS vulnerabilites he claims he found. The only information we got was a link to XSS FAQ. Our internal testing did not reveal any security holes.

We resolved all claims in this advisory as bogus - they don't contain enough information to be of any value. There are no known and verified security vulnerabilites in Kerio MailServer 5 that would be known to us."

Vendor URL:  www.kerio.com/us/kpf_home.html (Links to External Site)
Cause:   Exception handling error, Resource error
Underlying OS:  Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Aug 27 2002 Kerio Personal Firewall Allows Remote Users to Cause a Protected Host to Crash



 Source Message Contents

Subject:  Re: Kerio Mail Server Multiple Security Vulnerabilities


Abraham Lincoln wrote:

> 1] Multiple DOS vulnerabilities with Kerio Mail Server services
>
> - By sending multiple "SYN" packet to every services of the mail
> server (POP3, SMTP, IMAP, Secure IMAP, POP3S, Web-mail, Secure
> Web-mail) it would stop the mail server  services from responding.
> Sending minimum of 5 syn packet is enough to stop the service from
> responding and the service will be up again after several mins. This
> vulnerability consumes all resources of the system that forces the
> service to stop responding.
>

Defense against this type of DOS attack is a job of the underlying 
operating system's TCP/IP stack. The following link contains information 
on how to enable SYN flooding protection on Windows NT, 2000 or XP:

http://www.microsoft.com/technet/security/prodtech/network/secdeny.asp

> 2] Cross-Site Scripting vulnerabilities
>
> - Kerio's Web-Mail contains a Multiple Cross-site scripting
> vulnerabilities that could allow any user who's allowed to access the
> web-mail to execute Malicious scripts. Even Secure Web-mail is
> affected by this vulnerability.


Author of the advisory was not able to provide us with any details on 
the XSS vulnerabilites he claims he found. The only information we got 
was a link to XSS FAQ. Our internal testing did not reveal any security 
holes.

We resolved all claims in this advisory as bogus - they don't contain 
enough information to be of any value. There are no known and verified 
security vulnerabilites in Kerio MailServer 5 that would be known to us.

Jaroslav Snajdr
Kerio MailServer Development Team
Kerio Technologies






 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2022, SecurityGlobal.net LLC