TITLE: Kerio Personal/Server Firewall FWDRV Driver Denial of Service SECUNIA ADVISORY ID: SA17155 VERIFY ADVISORY: http://secunia.com/advisories/17155/ CRITICAL: Not critical IMPACT: DoS WHERE: Local system SOFTWARE: Kerio ServerFirewall 1.x http://secunia.com/product/4378/ Kerio Personal Firewall 4.x http://secunia.com/product/2654/ Kerio Personal Firewall 3.x http://secunia.com/product/2653/ Kerio Personal Firewall 2.x http://secunia.com/product/1493/ DESCRIPTION: Piotr Bania has reported a weakness in Kerio Personal/ServerFirewall, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The weakness is caused due to missing validation checks in the FWDRV driver before reading the PEB (Process Environment Block) of a process. This can be exploited to crash the system via a malicious application that locks the memory page where its PEB resides before connecting to the network. The weakness has been reported in versions: * Kerio Personal Firewall version 4.2.0 and prior. * Kerio ServerFirewall version 1.1.1 and prior. SOLUTION: Kerio Personal Firewall: Update to version 4.2.1 or later. Kerio ServerFirewall: Update to version 1.1.2 or later. PROVIDED AND/OR DISCOVERED BY: Piotr Bania ORIGINAL ADVISORY: Kerio: http://www.kerio.com/security_advisory.html Piotr Bania: http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------