Sunbelt Kerio Personal Firewall CreateRemoteThread API函数拒绝服务漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110611 漏洞类型
发布时间 2006-07-15 更新时间 2006-09-20
CVE编号 CVE-2006-3787 CNNVD-ID CNNVD-200607-390
漏洞平台 Hardware CVSS评分 2.1
|漏洞来源
https://www.exploit-db.com/exploits/28228
https://cxsecurity.com/issue/WLB-2006070097
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-390
|漏洞详情
SunbeltKerioPersonalFirewall4.3.268之前的4.3.x版本中的kpf4ss.exe不能正确钩住CreateRemoteThreadAPI函数,本地用户可以通过调用CreateRemoteThread来造成拒绝服务(崩溃)并绕过保护机制。
|漏洞EXP
source: http://www.securityfocus.com/bid/18996/info

Sunbelt Kerio Personal Firewall is prone to a denial-of-service vulnerability. This issue can occur when a program calls the 'CreateRemoteThread' Windows API call.

Exploitation of this vulnerability could cause the firewall application to crash. This could expose the computer to further attacks.

The individual who discovered this vulnerability claims to have tested it on Sunbelt Kerio Personal Firewall versions 4.3.246 and 4.2.3.912. They were unable to reproduce the vulnerability on version 4.2.3.912, which is an older release. The vulnerable functionality may have been introduced at some point after the 4.2.3.912 release, but this has not been confirmed.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/28228.zip
|参考资料

来源:BID
名称:18996
链接:http://www.securityfocus.com/bid/18996
来源:BUGTRAQ
名称:20060715KerioTerminating'kpf4ss.exe'usinginternalruntimeerrorVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/440112/100/100/threaded
来源:MISC
链接:http://www.matousec.com/info/advisories/Kerio-Terminating-kpf4ss-exe-using-internal-runtime-error.php
来源:VUPEN
名称:ADV-2006-2828
链接:http://www.frsirt.com/english/advisories/2006/2828
来源:SECUNIA
名称:21060
链接:http://secunia.com/advisories/21060
来源:SREASON
名称:1260
链接:http://securityreason.com/securityalert/1260