Kerio Personal Firewall (KPF) UDP packet could allow an attacker to bypass the firewall
| kerio-pf-firewall-bypass (11880) |  Medium Risk |
Description:
Kerio Personal Firewall (KPF) could allow a remote attacker to bypass the firewall filters. A remote attacker can create a specially-crafted UDP packet containing a source port of 53 to cause arbitrary data to be passed through the firewall. An attacker can use this vulnerability to perform further attacks.
Platforms Affected:
- Kerio, Kerio Personal Firewall (KPF) 2.1.4
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Bypass Security
References:
- SecuriTeam Mailing List, SecurityNews 26 Apr 2003, UDP Bypassing in Kerio Firewall (UDP Scan) at http://www.securiteam.com/securitynews/5FP0N1P9PI.html.
- BID-7436: Kerio Personal Firewall Firewall Filter Bypass Vulnerability
- CVE-2003-1491: Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incoming packets from DNS (UDP port 53), which allows remote attackers to bypass the firewall filters via packets with a source port of 53.
Reported:
Apr 26, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net