Full Disclosure mailing list archives
Re: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service
From: Nicolas RUFF <ruff.lists () edelweb fr>
Date: Mon, 15 Nov 2004 11:55:13 +0100
Does anyone actually *knows* if KPF 2 and the "Tiny" versions are vulnerable to this? Kerio's web page says:
> ... > Has anyone seen exploits for this circulating?Just tried on my box : TPF v2.0.15A built on 22/10/2001 is not vulnerable to the K-Otik exploit.
http://www.k-otik.com/exploits/20041111.HOD-kerio-firewall-DoS-expl.c (BTW, I guess someone could craft a much simpler exploit with HPING ...) -Nicolas RUFF Security Consultant, EdelWeb _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Marc Maiffret (Nov 09)
- Re: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service n3td3v (Nov 09)
- Re: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Jörg Klemenz (Nov 11)
- Re: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Nicolas RUFF (Nov 15)
- Re: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Jörg Klemenz (Nov 11)
- <Possible follow-ups>
- RE: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service Marc Maiffret (Nov 11)
- Re: EEYE: Kerio Personal Firewall Multiple IP Options Denial of Service n3td3v (Nov 09)