CVE-2005-1063
CVSS 5.0
Published: 2005-04-29 00:00:00
Revised: 2008-09-05 16:48:06

[原文]The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to "compute unexpected conditions" and "perform cryptographic operations."


[CNNVD] Kerio Administration Port Denial of Service Vulnerability (CNNVD-200504-125)

        Kerio WinRoute Firewall is a proxy server that lets several computers in an organization share a single Internet connection, and it is also an ICSA-certified corporate firewall whose filtering capability competes with other hardware and software firewalls. WinRoute Firewall 6 is more than a firewall: it also provides connection sharing, and its antivirus protection can scan inbound and outbound HTTP and FTP traffic for malicious content.
        The administration protocol used by Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2 and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) through specific attacks that force the product to "compute unexpected conditions" and "perform cryptographic operations".

- CVSS (base score)

CVSS score: 5.0 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Access complexity: LOW [no special access conditions are needed to exploit]
Access vector: [--]
Authentication: NONE [no authentication is needed to exploit]

- CPE (affected platforms and products)

cpe:/a:kerio:winroute_firewall:6.0.2
cpe:/a:kerio:personal_firewall:4.0.9
cpe:/a:kerio:winroute_firewall:6.0.8
cpe:/a:kerio:winroute_firewall:6.0.4
cpe:/a:kerio:kerio_mailserver:6.0.5
cpe:/a:kerio:winroute_firewall:6.0.9
cpe:/a:kerio:kerio_mailserver:6.0.2
cpe:/a:kerio:personal_firewall:4.1.2
cpe:/a:kerio:personal_firewall:4.0.16
cpe:/a:kerio:winroute_firewall:6.0.1
cpe:/a:kerio:winroute_firewall:6.0.3
cpe:/a:kerio:kerio_mailserver:6.0.4
cpe:/a:kerio:winroute_firewall:6.0.6
cpe:/a:kerio:winroute_firewall:6.0
cpe:/a:kerio:personal_firewall:4.0.10
cpe:/a:kerio:personal_firewall:4.1
cpe:/a:kerio:personal_firewall:4.1.1
cpe:/a:kerio:personal_firewall:4.0.6
cpe:/a:kerio:personal_firewall:4.0.7
cpe:/a:kerio:personal_firewall:4.0.8
cpe:/a:kerio:winroute_firewall:6.0.7
cpe:/a:kerio:kerio_mailserver:6.0.1
cpe:/a:kerio:winroute_firewall:6.0.5
cpe:/a:kerio:kerio_mailserver:6.0
cpe:/a:kerio:kerio_mailserver:6.0.3

- OVAL (technical details for detection)

No matching OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1063
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1063
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200504-125
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/archive/1/397220
(VENDOR_ADVISORY)  BUGTRAQ  20050429 [CAN-2005-1063] Administration protocol abuse leads to Service and System Denial of Service
http://www.kerio.com/security_advisory.html
(VENDOR_ADVISORY)  CONFIRM  http://www.kerio.com/security_advisory.html

- Vulnerability information

Kerio Administration Port Denial of Service Vulnerability
Medium  Other
2005-04-29 00:00:00  2006-09-27 00:00:00
Remote

- Advisories and patches

        The vendor has released upgrades that fix this issue. Affected versions, the fixed release, and the download page:

        Kerio Personal Firewall 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.16, 4.1, 4.1.1, 4.1.2
            fixed in Kerio Personal Firewall 4.1.3
            http://www.kerio.com/kpf_download.html
        Kerio MailServer 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5
            fixed in Kerio MailServer 6.0.9
            http://www.kerio.com/kms_download.html
        Kerio WinRoute Firewall 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9
            fixed in Kerio WinRoute Firewall 6.0.11
            http://www.kerio.com/kwf_download.html

        Note that the vendor's own description covers WinRoute Firewall up to 6.0.10 and MailServer up to 6.0.8, which is broader than the version lists on this page; treat any release below the fixed version as affected. No workaround other than upgrading is documented.

- Vulnerability information

16052
Multiple Kerio Products Administration Protocol Remote DoS
Remote / Network Access Denial of Service
Loss of Availability

- Vulnerability description

Multiple Kerio products contain a flaw that may allow a remote denial of service. The issue is triggered during the pre-authentication state. If a remote attacker forces the system to "compute unexpected conditions", "perform cryptographic operations" or exceed the limit of maximum number of user connections, it will result in loss of availability for the service.

- Timeline

2005-04-29 2005-02-21
Unknown 2005-04-29

- Solution

Upgrade to the following versions or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
Kerio Personal Firewall - 4.1.3
Kerio WinRoute Firewall - 6.0.11
Kerio MailServer - 6.0.9

- Related references

- Vulnerability author

- Vulnerability information

Kerio Administration Port Denial of Service Vulnerability
Class: Failure to Handle Exceptional Conditions    Bugtraq ID: 13458
Remote: Yes    Local: No
Published: 2005-05-02 12:00:00    Updated: 2009-07-12 02:06:00
Javier Munoz (Secure Computer Group) is credited with the discovery of this vulnerability.

- Affected program versions

Kerio WinRoute Firewall 6.0.9
Kerio WinRoute Firewall 6.0.8
Kerio WinRoute Firewall 6.0.7
Kerio WinRoute Firewall 6.0.6
Kerio WinRoute Firewall 6.0.5
Kerio WinRoute Firewall 6.0.4
Kerio WinRoute Firewall 6.0.3
Kerio WinRoute Firewall 6.0.2
Kerio WinRoute Firewall 6.0.1
Kerio WinRoute Firewall 6.0
Kerio Personal Firewall 4.1.2
Kerio Personal Firewall 4.1.1
Kerio Personal Firewall 4.1
Kerio Personal Firewall 4.0.16
Kerio Personal Firewall 4.0.10
Kerio Personal Firewall 4.0.9
Kerio Personal Firewall 4.0.8
Kerio Personal Firewall 4.0.7
Kerio Personal Firewall 4.0.6
Kerio Mailserver 6.0.5
Kerio Mailserver 6.0.4
Kerio Mailserver 6.0.3
Kerio Mailserver 6.0.2
Kerio Mailserver 6.0.1
Kerio Mailserver 6.0

- Unaffected program versions

Kerio WinRoute Firewall 6.0.11
Kerio Personal Firewall 4.1.3
Kerio Mailserver 6.0.9

- Vulnerability discussion

Various Kerio products are vulnerable to a denial of service vulnerability with regards to the administration port.

This issue is due to a failure of the application to properly handle exceptional conditions with regards to specifically malformed data.

A remote attacker may leverage these issues, without requiring authentication, to exhaust resources on an affected computer, effectively denying service for legitimate users.

The vendor has addressed this issue in Kerio MailServer 6.0.9, Kerio WinRoute Firewall 6.0.11, and Kerio Personal Firewall 4.1.3; earlier versions of these products are reported vulnerable.
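The OSVDB description and the discussion above describe one failure mode: the administration port spends CPU on cryptographic work and hands out connection slots before the peer has authenticated, so a single unauthenticated source can exhaust either resource. The following Python example is added to this page to show that pattern next to a hardened counterpart; it is not Kerio's code and is not derived from the vendor advisory. The handshake cost model (one PBKDF2 call per handshake), the session limits, the per-source budget, the pre-authentication timeout and the IP addresses are all assumptions made for the illustration.

```python
"""Pre-authentication resource exhaustion, the flaw class behind CVE-2005-1063.

Added example for this page: not Kerio's administration protocol and not
derived from the advisory.  The cost model, limits and addresses are assumptions.
"""
import hashlib
import itertools
import time
from collections import defaultdict
from typing import Callable, Dict, Optional, Tuple


def expensive_handshake(nonce: bytes) -> bytes:
    """Stand-in for per-handshake cryptographic work (assumption: one
    key-derivation call; the iteration count is chosen to keep the demo fast)."""
    return hashlib.pbkdf2_hmac("sha256", nonce, b"constructed-salt", 2_000)


class UnguardedAdminServer:
    """Vulnerable shape: every connection gets a session slot and a full
    handshake before the peer has proven anything, and the slot is never
    released unless the peer logs in.  One source can fill the table."""

    def __init__(self, max_sessions: int = 16) -> None:
        self.max_sessions = max_sessions
        self.sessions: Dict[int, str] = {}
        self.crypto_ops = 0
        self._ids = itertools.count(1)

    def connect(self, src_ip: str, nonce: bytes) -> Tuple[Optional[int], str]:
        if len(self.sessions) >= self.max_sessions:
            return None, "refused: session table full"
        self.crypto_ops += 1
        expensive_handshake(nonce)          # paid before any identity check
        cid = next(self._ids)
        self.sessions[cid] = src_ip
        return cid, "handshake done"


class GuardedAdminServer:
    """Hardened shape: cheap checks run before any cryptography, each source
    gets a small budget of unauthenticated connections, and pre-auth slots
    expire so a silent peer cannot hold them indefinitely."""

    def __init__(self, max_sessions: int = 16, per_source: int = 2,
                 preauth_ttl: float = 5.0,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.max_sessions = max_sessions
        self.per_source = per_source
        self.preauth_ttl = preauth_ttl
        self.clock = clock
        self.pending: Dict[int, Tuple[str, float]] = {}   # cid -> (ip, deadline)
        self.authenticated: Dict[int, str] = {}
        self.pending_per_source: Dict[str, int] = defaultdict(int)
        self.crypto_ops = 0
        self._ids = itertools.count(1)

    def _reap_expired(self) -> None:
        now = self.clock()
        for cid, (ip, deadline) in list(self.pending.items()):
            if deadline <= now:
                del self.pending[cid]
                self.pending_per_source[ip] -= 1

    def connect(self, src_ip: str, nonce: bytes) -> Tuple[Optional[int], str]:
        self._reap_expired()
        if self.pending_per_source[src_ip] >= self.per_source:
            return None, "refused: per-source pre-auth limit"
        if len(self.pending) + len(self.authenticated) >= self.max_sessions:
            return None, "refused: session table full"
        self.crypto_ops += 1
        expensive_handshake(nonce)          # only after the cheap gates pass
        cid = next(self._ids)
        self.pending[cid] = (src_ip, self.clock() + self.preauth_ttl)
        self.pending_per_source[src_ip] += 1
        return cid, "handshake done"

    def authenticate(self, cid: int, credential_ok: bool) -> bool:
        """Promote or drop a pending connection; the source's budget is
        returned either way."""
        ip, _ = self.pending.pop(cid)
        self.pending_per_source[ip] -= 1
        if credential_ok:
            self.authenticated[cid] = ip
        return credential_ok


class ManualClock:
    """Deterministic clock so the pre-auth timeout can be exercised offline."""

    def __init__(self) -> None:
        self.t = 0.0

    def __call__(self) -> float:
        return self.t


def flood_then_admin(server, attacker_ip: str = "203.0.113.7",
                     admin_ip: str = "192.0.2.10", n: int = 100) -> Tuple[int, bool]:
    """Constructed scenario: n unauthenticated connections from one source,
    then one legitimate administrator.  Returns (crypto operations the server
    was forced to perform, whether the administrator obtained a session)."""
    for i in range(n):
        server.connect(attacker_ip, i.to_bytes(4, "big"))
    admin_cid, _ = server.connect(admin_ip, b"admin-nonce")
    return server.crypto_ops, admin_cid is not None


if __name__ == "__main__":
    print("unguarded:", flood_then_admin(UnguardedAdminServer()))  # (16, False)
    print("guarded:  ", flood_then_admin(GuardedAdminServer()))    # (3, True)
```

The unguarded server performs a handshake for every attacker connection until its table is full and then turns the real administrator away; the guarded one performs two handshakes for the flooding source, refuses the rest without touching the key-derivation routine, and still admits the administrator. The design point is ordering: bound what an unauthenticated peer can cost you (slots, CPU) before you spend anything on its behalf, and make sure every pre-authentication resource has a timeout.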

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has addressed these issues in Kerio Personal Firewall 4.1.3, Kerio MailServer 6.0.9, and Kerio WinRoute Firewall 6.0.11 (download pages: http://www.kerio.com/kpf_download.html, http://www.kerio.com/kms_download.html, http://www.kerio.com/kwf_download.html). The following releases should be upgraded:

Kerio Personal Firewall 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.16, 4.1, 4.1.1, 4.1.2
Kerio MailServer 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5
Kerio WinRoute Firewall 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9

- Related references
