Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Firewall)  >   Kerio Personal Firewall Vendors:   Kerio Technologies
Kerio Personal Firewall Application Security Can Be Disabled By Certain Local Users
SecurityTracker Alert ID:  1011152
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Sep 3 2004
Impact:   Modification of system information
Exploit Included:  Yes  
Version(s): 4.0.16
Description:   A vulnerability was reported in the Kerio Personal Firewall. The application launch protection feature can be disabled by local users with administrator privileges.

Tan Chew Keong of SIG^2 Vulnerability Research reported that a local application can make direct writes to \device\physicalmemory to restore the kernel's SDT ServiceTable to disable the application security features.

Only the application execution protection feature is affected (the firewall functions are not affected).

Administrator privileges are required to exploit this vulnerability.

The vulnerability was discovered on June 26, 2004 and the vendor was notified on June 27, 2004.

[Editor's note: A user with administrator privileges can, of course, disable the application without having to exploit this flaw.]

Impact:   A local user with administrator privileges can disable the application protection features.
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)
Underlying OS Comments:  Tested on Windows 2000 SP4 and Windows XP SP1 and SP2

Message History:   None.

 Source Message Contents

[Original Message Not Available for Viewing]

Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC