lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: joerg at gmx.net (Jörg Klemenz)
Subject: EEYE: Kerio Personal Firewall Multiple IP Options
 Denial of Service

n3td3v schrieb:
> On Tue, 9 Nov 2004 10:38:13 -0800, Marc Maiffret <mmaiffret@...e.com> wrote:
> 
>>Systems Affected:
>>Kerio Personal Firewall 4.1.1 and prior
> 
> I assume you are not aware of the history of Kerio and how alot of
> consumers maybe still on "Tiny" versions of the code.
> 
> Tiny Personal Firewall (all versions will also be vulnerable from this.)

Does anyone actually *knows* if KPF 2 and the "Tiny" versions are 
vulnerable to this? Kerio's web page says:

"Affected products: Kerio Personal Firewall versions 4.0.0 thru 4.1.1"

This indicates that the error was introduced in version 4, whereas Eeye 
says "4.1.1 and prior".

Has anyone seen exploits for this circulating?

TIA

-- 
joerg klemenz <joerg@....net>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ