s0h: Kerio Personal Firewall and Tiny Personal Firewall remote exploit/patch.

Hello,

April 28, 2003, the CoreSecurity team publishes security advisory concerning 2 holes in Kiero Personal Firewall, of which one of both is Remote Buffer Overflow in the process of connection of the remote admin module. Kiero Personal Firewall using PFEngine, an common firewall engine, it proves that the vulnerability is also present in Tiny Personal Firewall! In the same time, every PFE firewall based products are vulnerable...

Today, the Thursday, May 8, 2003 6:27 PM, ThreaT (again@#!) from Skin Of Humanity Group released the exploit and the UNOFFICIAL patch for Kerio Personal Firewall version 2.1.4.0 (and previous versions) and Tiny Personal Firewall version 2.0.15.0.

Please enjoy sources of the patch at : http://www.s0h.cc/~threat/goodies/PFpatch/sources_PFpatch.zip

To correct this problem on your personnal firewall use this address : http://www.s0h.cc/~threat/goodies/PFpatch/PFpatch.exe

To understanding the hole and the exploitation method please get the exploit at http://www.s0h.cc/~threat/source/PFExploit.c.

A french advisory was writed at http://s0h.cc/~threat/goodies/PFpatch/

Sight that Kiero did not want to answer the CoreSecurity request, we did not inform Kerio. i think they do not understood what it passed. (no offence).

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Special Thanks to :

• Emiliano Kargieman from CoreSecurity
• Hernán Gips from CoreSecurity
• Javier Burroni from CoreSecurity
• ThreaT from Skin Of Humanity

Please note :
The Skin Of Humanity Group protect all its members.if a problem occurs concerning this diffusion, the author is not responsible, the leader of the group is in all the responsible case of cause. Since the diffusion does not come from the creator but from the group. Thank you. Best regards and respect,
Descript. <descript@s0h.cc>
Skin Of Humanity
http://s0h.cc/ Received on Thu May 8 17:09:02 2003