Kerio Personal Firewall rules security bypass
| kerio-firewall-rule-security-bypass (19893) |  High Risk |
Description:
Kerio Personal Firewall (KPF) could allow a local attacker to bypass security firewall rules. A local attacker, with access to the system, could create a malicious program that would be disguised as a different program, to use the program's credentials to bypass the security firewall rules and gain unauthorized access to the Internet.
Consequences:
Bypass Security
Remedy:
Upgrade to the latest version of Kerio Personal Firewall (4.1.3 or later), available from the Kerio Personal Firewall Download Web page. See References.
References:
- Kerio Advisory: KSEC-2005-03-30-01: Local application can bypass network rules.
- Kerio Personal Firewall Download Web page: Download.
- BID-12946: Kerio Personal Firewall Local Network Access Restriction Bypass Vulnerability
- CVE-2005-0964: Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions.
- SA14717: Kerio Personal Firewall Network Rules Security Bypass
- SECTRACK ID: 1013607: Kerio Personal Firewall Access Controls Can Be Bypassed Via Application Masquerading
Platforms Affected:
- Kerio Kerio Personal Firewall (KPF) 4.1.2 and prior
Reported:
Mar 30, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net