Kerio uses strange ring3 hooks that communicate with the Kerio driver using an interrupt. The Windows API CreateRemoteThread is hooked by Kerio in user mode in every process. Calling this API can cause a crash of the Kerio service 'kpf4ss.exe'. Sunbelt Kerio Personal Firewall 4.3.246 is affected.
629764a48b7d4cf3d87ea50f4ebf3f1664628798aa07faeb1f580b81d5a6414a
Advisory 2006-07-15.01
Kerio Terminating 'kpf4ss.exe' using internal runtime error Vulnerability
Basic information:
Release date: July 15, 2006
Last update: July 17, 2006
Type: Coding bugs
Character: Complete system control
Status: Unpatched bugs
Risk: Critical bugs
Exploitability: Locally exploitable bugs
Discoverability: Medium discoverable bugs
Testing program: temporarily unavailable on a request of the product vendor
Description:
Kerio uses strange ring3 hooks that communicate with the Kerio driver using an interrupt. The Windows API CreateRemoteThread is hooked by Kerio in user mode in every process. Calling this API can cause a crash of the Kerio service 'kpf4ss.exe'. The cause of this behaviour is unknown. A crash of the Kerio service is equivalent to disabling the protection. After the bug is exploited, the Kerio tray icon is no longer functional, and any application can perform arbitrary protected actions, including Internet access and process creation.
Vulnerable software:
* Sunbelt Kerio Personal Firewall 4.3.246
Not vulnerable software:
* Sunbelt Kerio Personal Firewall 4.2.3.912
* probably all older versions
Events:
* 2006-07-17: Received request from the product vendor to temporarily remove the exploit code
* 2006-07-17: Vulnerability confirmed by popular information sources
* 2006-07-15: Advisory released
* 2006-07-15: Vendor notification