Kerio Fake iphlpapi DLL Injection Vulnerability

Vulnerability ID: 1111915    Vulnerability type: Design error
Published: 2007-01-01    Updated: 2007-01-15
CVE ID: CVE-2007-0081    CNNVD-ID: CNNVD-200701-037
Platform: Windows    CVSS score: 6.8
|Vulnerability sources
https://www.exploit-db.com/exploits/29374
https://cxsecurity.com/issue/WLB-2007010011
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-037
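|Vulnerability details
Kerio Personal Firewall is a firewall for personal desktop systems. A flaw exists in how Kerio Personal Firewall loads its program components; a local attacker may exploit it to escalate privileges or disable the firewall. When Kerio Personal Firewall loads the library file iphlpapi.dll, it searches the software's installation directory first and loads from the operating system directory only if the file is not found there. Because the installation directory is also writable, a local attacker can create a forged DLL file; the firewall service loads and executes its code during initialization, which results in execution of arbitrary instructions supplied by the attacker.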
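
An added example, not part of the original advisory or of any vendor code: a Python audit for the two conditions described above, an installation directory that low-privileged users can write to and a DLL in it that shadows a system DLL name. The `icacls` output, the `ExampleFW` path, the list of low-privileged principals and the file names are constructed assumptions.

```python
import os
import re
import tempfile

# Assumed list of low-privileged principals; extend it for your environment.
LOW_PRIV = {"everyone", "builtin\\users", "nt authority\\authenticated users",
            "nt authority\\interactive"}
# icacls rights that permit creating or replacing files in a directory.
WRITE_RIGHTS = {"F", "M", "W", "WD", "AD", "GA", "GW"}

# Constructed sample of `icacls "<install dir>"` output (hypothetical path).
SAMPLE_PATH = r"C:\Program Files\ExampleFW"
SAMPLE_ICACLS = r"""C:\Program Files\ExampleFW BUILTIN\Users:(OI)(CI)(M)
                           BUILTIN\Administrators:(OI)(CI)(F)
                           NT AUTHORITY\SYSTEM:(OI)(CI)(F)

Successfully processed 1 files; Failed processing 0 files"""

def writable_aces(icacls_text, path):
    """Return (principal, write rights) for allow ACEs held by low-privileged users."""
    hits = []
    for line in icacls_text.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # first line: path precedes the ACE
        m = re.match(r"(.+?):((?:\([^)]*\))+)$", line)
        if not m:
            continue
        tokens = {t for g in re.findall(r"\(([^)]*)\)", m.group(2)) for t in g.split(",")}
        granted = sorted(tokens & WRITE_RIGHTS)
        if "DENY" not in tokens and granted and m.group(1).lower() in LOW_PRIV:
            hits.append((m.group(1), granted))
    return hits

def shadowing_dlls(app_dir, system_dir):
    """DLLs in app_dir whose name also exists in system_dir (case-insensitive)."""
    system = {n.lower() for n in os.listdir(system_dir) if n.lower().endswith(".dll")}
    return sorted(n for n in os.listdir(app_dir) if n.lower() in system)

def demo():
    """Run both checks on a constructed install directory and system directory."""
    with tempfile.TemporaryDirectory() as root:
        app, sysdir = os.path.join(root, "app"), os.path.join(root, "system32")
        for d, names in ((sysdir, ["iphlpapi.dll", "kernel32.dll"]),
                         (app, ["IPHLPAPI.DLL", "fwgui.dll"])):
            os.makedirs(d)
            for n in names:
                open(os.path.join(d, n), "w").close()
        return writable_aces(SAMPLE_ICACLS, SAMPLE_PATH), shadowing_dlls(app, sysdir)

if __name__ == "__main__":
    print(demo())
```

Either result being non-empty for a service's installation directory is worth investigating; both together match the condition this entry describes.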
|Vulnerability exploit (EXP)
source: http://www.securityfocus.com/bid/21828/info

Kerio Personal Firewall is prone to a local privilege-escalation vulnerability.

A local attacker could exploit this issue to execute arbitrary machine code with SYSTEM-level privileges. A successful exploit could result in the complete compromise of the affected computer.

Versions 4.3.246 and 4.3.268 are vulnerable to this issue; other versions may also be affected.

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/29374.zip
|References

Source: XF
Name: kerio-directory-code-execution(31232)
Link: http://xforce.iss.net/xforce/xfdb/31232
Source: BID
Name: 21828
Link: http://www.securityfocus.com/bid/21828
Source: BUGTRAQ
Name: 20070101 Kerio Fake 'iphlpapi' DLL injection Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/455624/100/0/threaded
Source: MISC
Link: http://www.matousec.com/info/advisories/Kerio-Fake-iphlpapi-DLL-injection.php
Source: OSVDB
Name: 33356
Link: http://www.osvdb.org/33356
Source: SREASON
Name: 2095
Link: http://securityreason.com/securityalert/2095