Full Disclosure mailing list archives
Re: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service
From: Jörg Klemenz <joerg () gmx net>
Date: Thu, 11 Nov 2004 23:19:34 +0100
n3td3v schrieb:
On Tue, 9 Nov 2004 10:38:13 -0800, Marc Maiffret <mmaiffret () eeye com> wrote:Systems Affected: Kerio Personal Firewall 4.1.1 and priorI assume you are not aware of the history of Kerio and how alot of consumers maybe still on "Tiny" versions of the code. Tiny Personal Firewall (all versions will also be vulnerable from this.)
Does anyone actually *knows* if KPF 2 and the "Tiny" versions are vulnerable to this? Kerio's web page says:
"Affected products: Kerio Personal Firewall versions 4.0.0 thru 4.1.1"This indicates that the error was introduced in version 4, whereas Eeye says "4.1.1 and prior".
Has anyone seen exploits for this circulating? TIA -- joerg klemenz <joerg () gmx net> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Marc Maiffret (Nov 09)
- Re: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service n3td3v (Nov 09)
- Re: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Jörg Klemenz (Nov 11)
- Re: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Nicolas RUFF (Nov 15)
- Re: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Jörg Klemenz (Nov 11)
- <Possible follow-ups>
- RE: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Marc Maiffret (Nov 11)
- Re: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service n3td3v (Nov 09)