Title: Kerio Personal Firewall Local Denial Of Service Vulnerability
Severity: MODERATE
Description:
Kerio Personal Firewall (KPF) is a desktop firewall that performs stateful packet inspection. It is commercially available for the Microsoft Windows platform. To implement low-level network access controls, the KPF driver hooks certain (unknown) interrupt gates in the kernel Interrupt Descriptor Table (IDT).
It is reported that the KPF driver does not sufficiently sanitize the parameters it receives from the APIs that it hooks. Reports indicate that when an affected API is called without explicitly defined arguments, the call uses whatever data is located on the process stack. When the KPF API hook handles this parameter data, it fails. Reports indicate that this exception is not expected and, as a result, the Windows kernel crashes, triggering a system-wide denial of service.
A local attacker may exploit this vulnerability to deny service to legitimate users.
Further research into this issue is ongoing; this BID will be updated as research is completed.
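The defensive pattern this description points to, as an added example that is not taken from Kerio's driver or from the original report: a hook handler treats every caller-supplied parameter as untrusted and returns an error instead of faulting. The argument layout, all names, and the flat `user_mem` buffer standing in for user address space are assumptions, since the report does not identify the hooked APIs.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: user address space is one flat buffer, and a
 * "user pointer" is an offset into it. All names are hypothetical. */
#define USER_MEM_SIZE 4096u
static uint8_t user_mem[USER_MEM_SIZE];

enum { HOOK_OK = 0, HOOK_EINVAL = -1 };

/* Assumed argument block that a hooked call hands to the filter. */
struct hook_args {
    uint32_t buf_off; /* caller-supplied pointer (offset in user_mem) */
    uint32_t buf_len; /* caller-supplied length */
};

/* Range check arranged so that off + len can never wrap around. */
static int user_range_ok(uint32_t off, uint32_t len)
{
    return off < USER_MEM_SIZE && len <= USER_MEM_SIZE - off;
}

/* Validate first, then copy into a bounded private buffer. Any bad
 * parameter yields an error code; nothing is dereferenced before that. */
int hook_inspect(const struct hook_args *a, uint8_t *out, size_t out_cap,
                 size_t *copied)
{
    if (copied == NULL) return HOOK_EINVAL;
    *copied = 0;
    if (a == NULL || out == NULL) return HOOK_EINVAL;
    if (a->buf_len == 0 || a->buf_len > out_cap) return HOOK_EINVAL;
    if (!user_range_ok(a->buf_off, a->buf_len)) return HOOK_EINVAL;
    memcpy(out, user_mem + a->buf_off, a->buf_len);
    *copied = a->buf_len;
    return HOOK_OK;
}

int main(void)
{
    uint8_t out[64];
    size_t n;
    struct hook_args ok = { 16u, 8u };
    struct hook_args junk = { 0xCCCCCCCCu, 0xCCCCCCCCu }; /* stale stack */
    printf("valid args: %d\n", hook_inspect(&ok, out, sizeof out, &n));
    printf("junk args:  %d\n", hook_inspect(&junk, out, sizeof out, &n));
    return 0;
}
```

In a real Windows driver the corresponding checks are `ProbeForRead`/`ProbeForWrite` inside a `__try`/`__except` block, so a bad user pointer becomes an error status rather than a kernel crash.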
Affected Products:
- Kerio Personal Firewall 2 2.1.0
- Kerio Personal Firewall 2 2.1.1
- Kerio Personal Firewall 2 2.1.2
- Kerio Personal Firewall 2 2.1.3
- Kerio Personal Firewall 2 2.1.4
- Kerio Personal Firewall 2 2.1.5
- Kerio Personal Firewall 4.0.10
- Kerio Personal Firewall 4.0.16
- Kerio Personal Firewall 4.0.6
- Kerio Personal Firewall 4.0.7
- Kerio Personal Firewall 4.0.8
- Kerio Personal Firewall 4.0.9
- Kerio Personal Firewall 4.1.0
- Kerio Personal Firewall 4.1.1
- Kerio Personal Firewall 4.1.2