CVE-2005-0964
CVSS4.6
发布时间 :2005-05-02 00:00:00
修订时间 :2008-09-05 16:47:48
NMCOS    

[原文]Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions.


[CNNVD]Kerio Personal Firewall本地网络访问限制绕过漏洞(CNNVD-200505-386)

        Kerio Personal Firewall 4.1.2以及较早的版本存在未知漏洞,允许本地用户通过恶意进程冒充具有较少限制的合法进程来绕过防火墙规则。

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:kerio:personal_firewall:4.1.2
cpe:/a:kerio:personal_firewall:4.0.16
cpe:/a:kerio:personal_firewall:4.0.9
cpe:/a:kerio:personal_firewall:4.0.10
cpe:/a:kerio:personal_firewall:4.1
cpe:/a:kerio:personal_firewall:4.1.1
cpe:/a:kerio:personal_firewall:4.0.8
cpe:/a:kerio:personal_firewall:4.0.7
cpe:/a:kerio:personal_firewall:4.0.6

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0964
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0964
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-386
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/19893
(PATCH)  XF  kerio-firewall-rule-security-bypass(19893)
http://www.securityfocus.com/bid/12946
(PATCH)  BID  12946
http://www.kerio.com/security_advisory.html#0503
(VENDOR_ADVISORY)  CONFIRM  http://www.kerio.com/security_advisory.html#0503
http://securitytracker.com/id?1013607
(UNKNOWN)  SECTRACK  1013607
http://secunia.com/advisories/14717
(VENDOR_ADVISORY)  SECUNIA  14717

- 漏洞信息

Kerio Personal Firewall本地网络访问限制绕过漏洞
中危 设计错误
2005-05-02 00:00:00 2005-10-20 00:00:00
本地  
        Kerio Personal Firewall 4.1.2以及较早的版本存在未知漏洞,允许本地用户通过恶意进程冒充具有较少限制的合法进程来绕过防火墙规则。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://www.kerio.com/kpf_download.html

- 漏洞信息

15123
Kerio Personal Firewall Network Rules Process Masquerade Local Bypass
Local Access Required Infrastructure
Loss of Confidentiality
Exploit Unknown

- 漏洞描述

Kerio Personal Firewall contains a flaw that may allow a malicious user with access to the victim local system the ability to launch malicious programs to bypass the firewalls rules resulting in a loss of confidentiality.

- 时间线

2005-03-30 2001-01-01
2001-01-01 2005-03-30

- 解决方案

Upgrade to version 4.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Kerio Personal Firewall Local Network Access Restriction Bypass Vulnerability
Design Error 12946
No Yes
2005-03-30 12:00:00 2009-07-12 11:56:00
Petr Matousek of Masaryk University is credited with the discovery of this issue.

- 受影响的程序版本

Kerio Personal Firewall 4.1.2
Kerio Personal Firewall 4.1.1
Kerio Personal Firewall 4.1
Kerio Personal Firewall 4.0.16
Kerio Personal Firewall 4.0.10
Kerio Personal Firewall 4.0.9
Kerio Personal Firewall 4.0.8
Kerio Personal Firewall 4.0.7
Kerio Personal Firewall 4.0.6
Kerio Personal Firewall 4.1.3

- 不受影响的程序版本

Kerio Personal Firewall 4.1.3

- 漏洞讨论

A local network access restriction bypass vulnerability affects Kerio Personal Firewall. This issue is due to a design error that causes the application to fail to properly validate the origin of network requests.

An attacker may leverage this issue to bypass network access restrictions, potentially leading administrators to a false sense of security.

- 漏洞利用

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

The vendor has released an advisory along with an upgrade dealing with this issue. Users are advised to contact the vendor for more information on obtaining the updated packages.


Kerio Personal Firewall 4.0.10

Kerio Personal Firewall 4.0.16

Kerio Personal Firewall 4.0.6

Kerio Personal Firewall 4.0.7

Kerio Personal Firewall 4.0.8

Kerio Personal Firewall 4.0.9

Kerio Personal Firewall 4.1

Kerio Personal Firewall 4.1.1

Kerio Personal Firewall 4.1.2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站