Reported November 9, 2004, by eEye Digital Security

VERSIONS AFFECTED

  • Kerio Personal Firewall 4.1.1 and earlier

DESCRIPTION
A Denial of Service (DoS) vulnerability has been discovered in Kerio Personal Firewall 4.1.1 and earlier. The vulnerability lets a remote attacker reliably render a system inoperative with one packet. Physical access is required in order to bring an affected system out of this "frozen" state. This specific flaw exists within the fwdrv.sys component, which performs low-level processing of TCP, UDP, and Internet Control Message Protocol (ICMP) packets.

VENDOR RESPONSE
Kerio Technologies has released a security advisory regarding this vulnerability and recommends that affected users immediately upgrade to version 4.12

CREDIT
Discovered by eEye Digital Security.