ID

VAR-200305-0036


CVE

CVE-2003-0220


TITLE

Kerio Personal Firewall vulnerable to buffer overflow

Trust: 0.8

sources: CERT/CC: VU#454716

DESCRIPTION

Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. An exploit for this vulnerability is publicly available. A buffer-overflow vulnerability has been discovered in Kerio Personal Firewall. The problem occurs during the administration authentication process. An attacker could exploit this vulnerability by forging a malicious packet containing an excessive data size. The application then reads this data into a static memory buffer without first performing sufficient bounds checking. Note that this vulnerability affects Kerio Personal Firewall 2.1.4 and earlier. When the administrator connects to the firewall, a handshake is performed to establish an encrypted session. The fourth packet of the handshake (the first packet is sent by the administrator) contains 4 bytes of data with the fixed value 0x40 (64), which indicates the size of the follow-up packet containing the admin key. When the firewall side uses recv() to process this data, it does not check the boundary buffer

Trust: 1.98

sources: NVD: CVE-2003-0220 // CERT/CC: VU#454716 // BID: 7180 // VULHUB: VHN-7049

AFFECTED PRODUCTS

vendor: kerio | model: personal firewall 2 | scope: eq | version: 2.1

Trust: 1.6

vendor: kerio | model: personal firewall 2 | scope: eq | version: 2.1.3

Trust: 1.6

vendor: kerio | model: personal firewall 2 | scope: eq | version: 2.1.2

Trust: 1.6

vendor: kerio | model: personal firewall 2 | scope: eq | version: 2.1.1

Trust: 1.6

vendor: kerio | model: personal firewall 2 | scope: eq | version: 2.1.4

Trust: 1.6

vendor: kerio | model: - | scope: - | version: -

Trust: 0.8

vendor: kerio | model: personal firewall | scope: eq | version: 22.1.4

Trust: 0.3

vendor: kerio | model: personal firewall | scope: eq | version: 22.1.3

Trust: 0.3

vendor: kerio | model: personal firewall | scope: eq | version: 22.1.2

Trust: 0.3

vendor: kerio | model: personal firewall | scope: eq | version: 22.1.1

Trust: 0.3

vendor: kerio | model: personal firewall | scope: eq | version: 22.1

Trust: 0.3

vendor: kerio | model: personal firewall | scope: ne | version: 22.1.5

Trust: 0.3

sources: CERT/CC: VU#454716 // BID: 7180 // CNNVD: CNNVD-200305-031 // NVD: CVE-2003-0220

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-0220
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#454716
value: 14.06

Trust: 0.8

CNNVD: CNNVD-200305-031
value: HIGH

Trust: 0.6

VULHUB: VHN-7049
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-0220
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-7049
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#454716 // VULHUB: VHN-7049 // CNNVD: CNNVD-200305-031 // NVD: CVE-2003-0220

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0220

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200305-031

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 7180 // CNNVD: CNNVD-200305-031

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-7049

EXTERNAL IDS

db: BID | id: 7180

Trust: 2.8

db: CERT/CC | id: VU#454716

Trust: 2.5

db: NVD | id: CVE-2003-0220

Trust: 2.0

db: CNNVD | id: CNNVD-200305-031

Trust: 0.7

db: BUGTRAQ | id: 20030428 CORE-2003-0305-02: VULNERABILITIES IN KERIO PERSONAL FIREWALL

Trust: 0.6

db: EXPLOIT-DB | id: 1537

Trust: 0.1

db: EXPLOIT-DB | id: 16465

Trust: 0.1

db: EXPLOIT-DB | id: 22418

Trust: 0.1

db: EXPLOIT-DB | id: 28

Trust: 0.1

db: EXPLOIT-DB | id: 22417

Trust: 0.1

db: SEEBUG | id: SSVID-62726

Trust: 0.1

db: SEEBUG | id: SSVID-70979

Trust: 0.1

db: SEEBUG | id: SSVID-76221

Trust: 0.1

db: SEEBUG | id: SSVID-76220

Trust: 0.1

db: SEEBUG | id: SSVID-63390

Trust: 0.1

db: PACKETSTORM | id: 82995

Trust: 0.1

db: VULHUB | id: VHN-7049

Trust: 0.1

sources: CERT/CC: VU#454716 // VULHUB: VHN-7049 // BID: 7180 // CNNVD: CNNVD-200305-031 // NVD: CVE-2003-0220

REFERENCES

url:http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10

Trust: 2.4

url:http://www.securityfocus.com/bid/7180

Trust: 1.7

url:http://www.kb.cert.org/vuls/id/454716

Trust: 1.7

url:http://www.securityfocus.com/data/vulnerabilities/exploits/pfexploit.c

Trust: 1.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=105155734411836&w=2

Trust: 1.4

url:http://marc.info/?l=bugtraq&m=105155734411836&w=2

Trust: 1.0

url:http://www.securityfocus.com/data/vulnerabilities/exploits/kerio-overflow.py

Trust: 0.8

url:http://www.s0h.cc/~threat/goodies/pfpatch/sources_pfpatch.zip

Trust: 0.8

url:http://www.s0h.cc/~threat/goodies/pfpatch/pfpatch.exe

Trust: 0.8

url:http://www.kerio.com/kpf_download.html

Trust: 0.8

url:http://online.securityfocus.com/bid/7180

Trust: 0.8

url:http://www.kerio.com

Trust: 0.3

url:http://support.coresecurity.com/impact/exploits/617ed23b85dc3446ba56bfb7ed827a6b.html

Trust: 0.3

url:/archive/1/320911

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=105155734411836&w=2

Trust: 0.1

url:http://www.coresecurity.com/common/showdoc.php?idx=314&idxseccion=10

Trust: 0.1

url: -

Trust: 0.1

sources: CERT/CC: VU#454716 // VULHUB: VHN-7049 // BID: 7180 // CNNVD: CNNVD-200305-031 // NVD: CVE-2003-0220

CREDITS

Core Security Technologies Advisory

Trust: 0.6

sources: CNNVD: CNNVD-200305-031

SOURCES

db: CERT/CC | id: VU#454716
db: VULHUB | id: VHN-7049
db: BID | id: 7180
db: CNNVD | id: CNNVD-200305-031
db: NVD | id: CVE-2003-0220

LAST UPDATE DATE

2024-08-14T15:31:14.267000+00:00


SOURCES UPDATE DATE

db: CERT/CC | id: VU#454716 | date: 2003-05-13T00:00:00
db: VULHUB | id: VHN-7049 | date: 2016-10-18T00:00:00
db: BID | id: 7180 | date: 2007-10-16T18:27:00
db: CNNVD | id: CNNVD-200305-031 | date: 2005-10-20T00:00:00
db: NVD | id: CVE-2003-0220 | date: 2016-10-18T02:30:53.910

SOURCES RELEASE DATE

db: CERT/CC | id: VU#454716 | date: 2003-05-12T00:00:00
db: VULHUB | id: VHN-7049 | date: 2003-05-12T00:00:00
db: BID | id: 7180 | date: 2003-04-28T00:00:00
db: CNNVD | id: CNNVD-200305-031 | date: 2003-04-28T00:00:00
db: NVD | id: CVE-2003-0220 | date: 2003-05-12T04:00:00