Details of VAR-200409-0056

ID

VAR-200409-0056

CVE

CVE-2004-1658

TITLE

Kerio Personal Firewall Application Security Bypass Vulnerability

Trust: 0.9

sources: BID: 11096 // CNNVD: CNNVD-200409-006

DESCRIPTION

Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable. A vulnerability is reported to affect Kerio Personal Firewall (KPF) 'Application Security' functionality that could permit an executable that is run by an administrator to disable KPF 'Application Security' functionality. It is reported that (KPF) 'Application Security' functionality employs a modified Service Description Table in order to function. It is possible to restore the Service Description Table to its original state. A malicious application that is run by an administrator can read an intact SDT table from kernel memory and restore the SDT table in the running kernel by writing to kernel memory space. This will disable Kerio Personal Firewall (KPF) 'Application Security' functionality

Trust: 1.26

sources: NVD: CVE-2004-1658 // BID: 11096 // VULHUB: VHN-10088

AFFECTED PRODUCTS

vendor:	kerio	model:	personal firewall	scope:	eq	version:	4.0.16	Trust: 1.9
vendor:	kerio	model:	personal firewall	scope:	eq	version:	4.0.10	Trust: 1.9
vendor:	kerio	model:	personal firewall	scope:	eq	version:	4.0.9	Trust: 1.9
vendor:	kerio	model:	personal firewall	scope:	eq	version:	4.0.8	Trust: 1.9
vendor:	kerio	model:	personal firewall	scope:	eq	version:	4.0.7	Trust: 1.9
vendor:	kerio	model:	personal firewall	scope:	eq	version:	4.0.6	Trust: 1.9

sources: BID: 11096 // CNNVD: CNNVD-200409-006 // NVD: CVE-2004-1658

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1658
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200409-006
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-10088
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-1658
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10088
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10088 // CNNVD: CNNVD-200409-006 // NVD: CVE-2004-1658

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1658

THREAT TYPE

local

Trust: 0.9

sources: BID: 11096 // CNNVD: CNNVD-200409-006

TYPE

Design Error

Trust: 0.9

sources: BID: 11096 // CNNVD: CNNVD-200409-006

EXTERNAL IDS

db:	BID	id:	11096	Trust: 2.0
db:	NVD	id:	CVE-2004-1658	Trust: 1.7
db:	SECUNIA	id:	12468	Trust: 1.7
db:	CNNVD	id:	CNNVD-200409-006	Trust: 0.7
db:	BUGTRAQ	id:	20040902 KERIO PERSONAL FIREWALL'S APPLICATION LAUNCH PROTECTION CAN BE DISABLED BY DIRECT SERVICE TABLE RESTORATION	Trust: 0.6
db:	XF	id:	17270	Trust: 0.6
db:	VULHUB	id:	VHN-10088	Trust: 0.1

sources: VULHUB: VHN-10088 // BID: 11096 // CNNVD: CNNVD-200409-006 // NVD: CVE-2004-1658

REFERENCES

url:	http://www.security.org.sg/vuln/kerio4016.html	Trust: 2.0
url:	http://www.securityfocus.com/bid/11096	Trust: 1.7
url:	http://secunia.com/advisories/12468/	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/17270	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=109420310631039&w=2	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/17270	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=109420310631039&w=2	Trust: 0.6
url:	http://www.kerio.com	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=109420310631039&w=2	Trust: 0.1

sources: VULHUB: VHN-10088 // BID: 11096 // CNNVD: CNNVD-200409-006 // NVD: CVE-2004-1658

CREDITS

Discovery of this vulnerability is credited to Tan Chew Keong of SIG^2 Vulnerability Research.

Trust: 0.9

sources: BID: 11096 // CNNVD: CNNVD-200409-006

SOURCES

db:	VULHUB	id:	VHN-10088
db:	BID	id:	11096
db:	CNNVD	id:	CNNVD-200409-006
db:	NVD	id:	CVE-2004-1658

LAST UPDATE DATE

2024-08-14T15:36:07.373000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10088	date:	2017-07-11T00:00:00
db:	BID	id:	11096	date:	2004-09-02T00:00:00
db:	CNNVD	id:	CNNVD-200409-006	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1658	date:	2017-07-11T01:31:13.967

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10088	date:	2004-09-02T00:00:00
db:	BID	id:	11096	date:	2004-09-02T00:00:00
db:	CNNVD	id:	CNNVD-200409-006	date:	2004-09-02T00:00:00
db:	NVD	id:	CVE-2004-1658	date:	2004-09-02T04:00:00