SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Issue multiple certificates with Thawte SPKI
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Firewall)  >  Kerio Personal Firewall Vendors:  Kerio Technologies
Kerio Personal Firewall Default Setting Lets Remote Users Send UDP Packets Through the Firewall
SecurityTracker Alert ID:  1006624
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 22 2003
Impact:  Host/resource access via network
Exploit Included:  Yes  
Version(s): 2.1.4
Description:  A vulnerability was reported in the Kerio Personal Firewall. A remote user can send UDP packets through the firewall to the target host.

It is reported that the default rule set of the firewall will cause the firewall to accept any inbound UDP packet with a source port of 53. A remote user can send UDP packets through the firewall to the target host by setting the source port of the packets to 53.

A demonstration exploit using the nmap port scanning tool is provided:

nmap -v -P0 -sU -p 1900 [ip_address] -g 53

The vendor has reportedly been notified.
Impact:  A remote user can send UDP packets through the firewall to the target host.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.kerio.com/us/kpf_home.html (Links to External Site)
Cause:  Access control error
Underlying OS:  Windows (Any)
Reported By:  "David F. Madrid" <conde0@telefonica.net>
Message History:   None.

 Source Message Contents
Date:  Tue, 22 Apr 2003 11:57:50 -0300 (ART)
From:  "David F. Madrid" <conde0@telefonica.net>
Subject:  [Full-Disclosure] UDP bypassing in Kerio Firewall 2.1.4

 


Issue : UDP bypassing in Kerio Firewall

Affected product : Kerio Firewall 2.1.4 ( last build in his website )

Vendor status : vendor was contacted months ago

Tested Enviroment : switched LAN

Description :

Kerio develops a free firewall thats ships with default rules . Every
incoming / outgoing packet is compared against the default ruleset . As
the first rule accepts incoming packets if remote port is equal to 53 (
DNS ) the firewall can be easily bypassed just setting the source port of
the attack to 53
Exploit : nmap -v -P0 -sU -p 1900 192.168.0.5 -g 53

Recomendations : set a rule to restrict the local ports to a range of
1024-5000 for DNS connections

-- 
Regards ,

David F. Madrid
Madrid , Spain

www.nautopia.org


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2002, SecurityGlobal.net LLC