Date: Mon, 01 Jan 2007 14:05:49 +0100
From: Matousec - Transparent security Research <research@...ousec.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Kerio Fake 'iphlpapi' DLL injection Vulnerability

Hello,

We would like to inform you about a vulnerability in Sunbelt Kerio Personal Firewall:

Description:

When Sunbelt Kerio Personal Firewall (SKPF) loads dependent modules, it relies on the operating system to locate them.
The system library iphlpapi.dll is located in the system directory, but the main SKPF service, which requires and loads
this DLL, is located in the installation directory of SKPF. The operating system therefore looks for iphlpapi.dll in the
installation directory first and falls back to the system directory only if it is not found there. Moreover, it is
possible to create new files in the installation directory of SKPF. A malicious application can create a fake
iphlpapi.dll in the installation directory of SKPF, which will be loaded by the operating system into the SKPF service
during its initialization. This is how the malicious application is able to execute arbitrary code inside the SKPF
service and bypass any of its security mechanisms.


Vulnerable software:

     * Sunbelt Kerio Personal Firewall 4.3.268
     * Sunbelt Kerio Personal Firewall 4.3.246
     * probably all versions of Sunbelt Kerio Personal Firewall 4
     * possibly older versions of Sunbelt Kerio Personal Firewall



More details and a proof of concept including its source code are available here:
http://www.matousec.com/info/advisories/Kerio-Fake-iphlpapi-DLL-injection.php


Regards,


-- 
Matousec - Transparent security Research
http://www.matousec.com/
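
A defender-side check for the condition described in the advisory, as an added example that is not part of the original post: it reports whether a service's installation directory is writable by the user running the script and whether it contains any DLL whose name also exists in the system directory. The directory layout and file names in `demo()` are constructed placeholders; on a real host, pass the actual installation and system directories to `audit()` and run it as an unprivileged user.

```python
import os
import tempfile


def is_writable(directory):
    """True if the current (ideally unprivileged) user can create a file here."""
    try:
        # Actually creating a file is more reliable than os.access(), which
        # does not evaluate Windows ACLs.
        with tempfile.TemporaryFile(dir=directory):
            return True
    except OSError:
        return False


def shadowing_dlls(install_dir, system_dir):
    """Lower-cased names of DLLs in install_dir that also exist in system_dir."""
    system_names = {n.lower() for n in os.listdir(system_dir)
                    if n.lower().endswith(".dll")}
    # Windows file names are case-insensitive, so compare lower-cased names.
    return sorted(n.lower() for n in os.listdir(install_dir)
                  if n.lower() in system_names)


def audit(install_dir, system_dir):
    """A writable directory plus a shadowing DLL is the advisory's condition."""
    return {"writable": is_writable(install_dir),
            "shadowing": shadowing_dlls(install_dir, system_dir)}


def demo():
    """Constructed sample layout; names and (empty) contents are placeholders."""
    with tempfile.TemporaryDirectory() as root:
        system_dir = os.path.join(root, "system32")
        install_dir = os.path.join(root, "firewall")
        os.makedirs(system_dir)
        os.makedirs(install_dir)
        for name in ("iphlpapi.dll", "kernel32.dll"):
            open(os.path.join(system_dir, name), "wb").close()
        for name in ("service.exe", "IPHLPAPI.DLL", "plugin.dll"):
            open(os.path.join(install_dir, name), "wb").close()
        return audit(install_dir, system_dir)


if __name__ == "__main__":
    print(demo())
```

A non-empty `shadowing` list is worth investigating even when the directory is not writable, since a file with a system DLL's name in a service directory is loaded ahead of the system copy.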
