Formal Report
################################################
Application:  Kerio Personal Firewall
Vendor:       http://www.kerio.com
Version:      4.0.13
Platforms:    Windows
Bug:          GUI Crash (DoS)
Risk:         Medium
Exploitation: Remote with browser
Date:         7 Apr 2004
Author:       Emmanouel Kellinis
e-mail:       me@cipher(dot)org(dot)uk
web:          http://www.cipher.org.uk
#################################################

=======
Product
=======

Kerio Personal Firewall (KPF) helps users control how their computers exchange data with other computers on the Internet or a local network.

===
Bug
===

Kerio Personal Firewall passes URLs through a component called Web Filter and returns the requested content to any browser; Web Filter helps to block ads, popups and any malicious activity coming from web pages. If you pass arbitrary values in the URL, Kerio's GUI crashes immediately, and if you repeatedly pass arbitrary URLs Kerio crashes completely.

=====================
Proof Of Concept Code
=====================

If a URL contains the hex values %13%12%13, Kerio Personal Firewall v4.0.13 crashes because it cannot process the given characters.

http://www.cipher.org.uk/index.php?p=cipher/front.cipher

Kerio can be crashed remotely, using URL redirection or an IFRAME without the user's acceptance, causing an immediate DoS.

To avoid this problem you should disable Web Filtering until an update is available.

NOTE: This bug is probably present in version 4.0.14 as well, since nothing about it is mentioned in the Release History:
http://www.kerio.com/us/kpf_releasehistory.html

Emmanouel Kellinis
http://www.cipher.org.uk
=========================================================
*PK: http://www.cipher.org.uk/files/pgp/cipherorguk.public.key.txt
=========================================================
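The class of input described above is a URL whose percent-escapes decode to ASCII control bytes. The following check is an added example, not part of this advisory or of Kerio's code: it percent-decodes a URL (repeating the decode to unmask double-encoding such as %2513), collects any control bytes, and lets a proxy or log-review script reject or flag such requests before they reach a fragile filter. The sample URLs are constructed for illustration.

```python
import re
from typing import List

# One level of %XX decoding; malformed escapes (e.g. "%2G") are left untouched.
PCT = re.compile(rb"%([0-9A-Fa-f]{2})")


def pct_decode(data: bytes) -> bytes:
    return PCT.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def decoded_control_bytes(url: str, max_rounds: int = 3) -> List[int]:
    """Return the sorted set of control bytes (0x00-0x1F, 0x7F) present in the
    URL as given or after up to max_rounds of percent-decoding, so that
    "%13", a raw 0x13 byte and a double-encoded "%2513" are all caught."""
    data = url.encode("utf-8", "surrogateescape")
    found = set()
    for _ in range(max_rounds + 1):
        found.update(b for b in data if b < 0x20 or b == 0x7F)
        decoded = pct_decode(data)
        if decoded == data:          # nothing left to decode
            break
        data = decoded
    return sorted(found)


def is_acceptable_url(url: str) -> bool:
    """True when the URL carries no control bytes at any decoding level."""
    return not decoded_control_bytes(url)


def flag_urls(urls: List[str]) -> List[str]:
    """Filter a batch of URLs (e.g. from proxy logs) down to the suspicious ones."""
    return [u for u in urls if not is_acceptable_url(u)]


# Constructed sample URLs (example.invalid is a reserved, non-routable name).
SAMPLE_URLS = [
    "http://example.invalid/index.php?p=cipher%2Ffront.cipher",  # %2F is '/', fine
    "http://example.invalid/index.php?p=%13%12%13",              # control bytes
    "http://example.invalid/?p=%2513",                           # double-encoded 0x13
    "http://example.invalid/?p=%2G",                             # malformed, harmless
]

if __name__ == "__main__":
    for url in flag_urls(SAMPLE_URLS):
        print("flagged:", url, decoded_control_bytes(url))
```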