VAR-200305-0036
Vulnerability from variot - Updated: 2023-12-18 12:40
Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. An exploit for this vulnerability is publicly available. A buffer-overflow vulnerability has been discovered in Kerio Personal Firewall. The problem occurs during the administration authentication process. An attacker could exploit this vulnerability by forging a malicious packet containing an excessive data size. The application then reads this data into a static memory buffer without first performing sufficient bounds checking. Note that this vulnerability affects Kerio Personal Firewall 2.1.4 and earlier. When the administrator connects to the firewall, a handshake is performed to establish an encrypted session. The fourth packet of the handshake (the first packet is sent by the administrator) contains 4 bytes of data, which carry the fixed value 0x40 (64) to indicate the size of the follow-up packet containing the admin key. When the firewall uses recv() to read that follow-up data, it does not check the supplied size against the bounds of the receiving buffer.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200305-0036",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "personal firewall 2",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.1"
},
{
"model": "personal firewall 2",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1"
},
{
"model": "personal firewall 2",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.2"
},
{
"model": "personal firewall 2",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.4"
},
{
"model": "personal firewall 2",
"scope": "eq",
"trust": 1.6,
"vendor": "kerio",
"version": "2.1.3"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "kerio",
"version": null
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.4"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.3"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.2"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.1"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1"
},
{
"model": "personal firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "22.1.5"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#454716"
},
{
"db": "BID",
"id": "7180"
},
{
"db": "NVD",
"id": "CVE-2003-0220"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-031"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:kerio:personal_firewall_2:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:personal_firewall_2:2.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:personal_firewall_2:2.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:personal_firewall_2:2.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:personal_firewall_2:2.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0220"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Core Security Technologies Advisory",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200305-031"
}
],
"trust": 0.6
},
"cve": "CVE-2003-0220",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-7049",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2003-0220",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#454716",
"trust": 0.8,
"value": "14.06"
},
{
"author": "CNNVD",
"id": "CNNVD-200305-031",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-7049",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#454716"
},
{
"db": "VULHUB",
"id": "VHN-7049"
},
{
"db": "NVD",
"id": "CVE-2003-0220"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-031"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. An exploit for this vulnerability is publicly available. A buffer-overflow vulnerability has been discovered in Kerio Personal Firewall. The problem occurs during the administration authentication process. An attacker could exploit this vulnerability by forging a malicious packet containing an excessive data size. The application then reads this data into a static memory buffer without first performing sufficient bounds checking. \nNote that this vulnerability affects Kerio Personal Firewall 2.1.4 and earlier. When the administrator connects to the firewall, a handshake connection will be performed to establish an encrypted session. The fourth packet of the handshake (the first packet is sent by the administrator) contains 4 bytes of data, which has a certain fixed value 0x40 (64) to indicate the follow-up The size of the package containing the admin key. When the firewall side uses recv() to process this data, it does not check the boundary buffer",
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0220"
},
{
"db": "CERT/CC",
"id": "VU#454716"
},
{
"db": "BID",
"id": "7180"
},
{
"db": "VULHUB",
"id": "VHN-7049"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-7049",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-7049"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "7180",
"trust": 2.8
},
{
"db": "CERT/CC",
"id": "VU#454716",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2003-0220",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200305-031",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20030428 CORE-2003-0305-02: VULNERABILITIES IN KERIO PERSONAL FIREWALL",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "1537",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16465",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "22418",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "28",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "22417",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-62726",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-70979",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-76221",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-76220",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-63390",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82995",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-7049",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#454716"
},
{
"db": "VULHUB",
"id": "VHN-7049"
},
{
"db": "BID",
"id": "7180"
},
{
"db": "NVD",
"id": "CVE-2003-0220"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-031"
}
]
},
"id": "VAR-200305-0036",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-7049"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:40:38.541000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2003-0220"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.coresecurity.com/common/showdoc.php?idx=314\u0026idxseccion=10"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/7180"
},
{
"trust": 1.7,
"url": "http://www.kb.cert.org/vuls/id/454716"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/pfexploit.c"
},
{
"trust": 1.4,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105155734411836\u0026w=2"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=105155734411836\u0026w=2"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/kerio-overflow.py"
},
{
"trust": 0.8,
"url": "http://www.s0h.cc/~threat/goodies/pfpatch/sources_pfpatch.zip"
},
{
"trust": 0.8,
"url": "http://www.s0h.cc/~threat/goodies/pfpatch/pfpatch.exe"
},
{
"trust": 0.8,
"url": "http://www.kerio.com/kpf_download.html "
},
{
"trust": 0.8,
"url": "http://online.securityfocus.com/bid/7180"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.3,
"url": "http://support.coresecurity.com/impact/exploits/617ed23b85dc3446ba56bfb7ed827a6b.html"
},
{
"trust": 0.3,
"url": "/archive/1/320911"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=105155734411836\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www.coresecurity.com/common/showdoc.php?idx=314\u0026amp;idxseccion=10"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#454716"
},
{
"db": "VULHUB",
"id": "VHN-7049"
},
{
"db": "BID",
"id": "7180"
},
{
"db": "NVD",
"id": "CVE-2003-0220"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-031"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#454716"
},
{
"db": "VULHUB",
"id": "VHN-7049"
},
{
"db": "BID",
"id": "7180"
},
{
"db": "NVD",
"id": "CVE-2003-0220"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-031"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-05-12T00:00:00",
"db": "CERT/CC",
"id": "VU#454716"
},
{
"date": "2003-05-12T00:00:00",
"db": "VULHUB",
"id": "VHN-7049"
},
{
"date": "2003-04-28T00:00:00",
"db": "BID",
"id": "7180"
},
{
"date": "2003-05-12T04:00:00",
"db": "NVD",
"id": "CVE-2003-0220"
},
{
"date": "2003-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200305-031"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-05-13T00:00:00",
"db": "CERT/CC",
"id": "VU#454716"
},
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-7049"
},
{
"date": "2007-10-16T18:27:00",
"db": "BID",
"id": "7180"
},
{
"date": "2016-10-18T02:30:53.910000",
"db": "NVD",
"id": "CVE-2003-0220"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200305-031"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200305-031"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Personal Firewall vulnerable to buffer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#454716"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "7180"
},
{
"db": "CNNVD",
"id": "CNNVD-200305-031"
}
],
"trust": 0.9
}
}