Sign-up

ID

VAR-200501-0255


CVE

CVE-2004-1109


TITLE

Kerio PersonalFirewall FWDRV.SYS Denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200501-222

DESCRIPTION

The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field. A remote denial of service vulnerability affects the IP options filtering functionality of Kerio's Personal Firewall. This issue is caused by a failure of the application to properly handle malformed network packets. A remote attacker can exploit this issue anonymously with a spoofed packet to cause a computer running the affected application to hang indefinitely, denying service to legitimate users. Kerio Personal Firewall is a personal desktop firewall

Trust: 1.26

sources: NVD: CVE-2004-1109 // BID: 11639 // VULHUB: VHN-9539

AFFECTED PRODUCTS

vendor:keriomodel:personal firewallscope:eqversion:4.1.1

Trust: 1.9

vendor:keriomodel:personal firewallscope:eqversion:4.1

Trust: 1.9

vendor:keriomodel:personal firewallscope:eqversion:4.0.16

Trust: 1.9

vendor:keriomodel:personal firewallscope:eqversion:4.0.10

Trust: 1.9

vendor:keriomodel:personal firewallscope:eqversion:4.0.9

Trust: 1.9

vendor:keriomodel:personal firewallscope:eqversion:4.0.8

Trust: 1.9

vendor:keriomodel:personal firewallscope:eqversion:4.0.7

Trust: 1.9

vendor:keriomodel:personal firewallscope:eqversion:4.0.6

Trust: 1.9

vendor:keriomodel:personal firewallscope:neversion:4.1.2

Trust: 0.3

sources: BID: 11639 // CNNVD: CNNVD-200501-222 // NVD: CVE-2004-1109

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-1109
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200501-222
value: MEDIUM

Trust: 0.6

VULHUB: VHN-9539
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-1109
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-9539
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-9539 // CNNVD: CNNVD-200501-222 // NVD: CVE-2004-1109

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1109

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200501-222

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200501-222

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-9539

EXTERNAL IDS
db:BIDid:11639
Trust: 2.0
db:NVDid:CVE-2004-1109
Trust: 1.7
db:CNNVDid:CNNVD-200501-222
Trust: 0.7
db:XFid:17992
Trust: 0.6
db:EEYEid:AD20041109
Trust: 0.6
db:SEEBUGid:SSVID-62908
Trust: 0.1
db:EXPLOIT-DBid:626
Trust: 0.1
db:VULHUBid:VHN-9539
Trust: 0.1
sources:
            
            
            VULHUB: VHN-9539 // 
            
            
            
            BID: 11639 // 
            
            
            
            CNNVD: CNNVD-200501-222 // 
            
            
            
            NVD: CVE-2004-1109

REFERENCES
url:http://www.kerio.com/security_advisory.html
Trust: 2.0
url:http://www.securityfocus.com/bid/11639
Trust: 1.7
url:http://www.eeye.com/html/research/advisories/ad20041109.html
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/17992
Trust: 1.1
url:http://xforce.iss.net/xforce/xfdb/17992
Trust: 0.6
url:http://www.kerio.com
Trust: 0.3
url:http://www.kerio.com/kpf_download.html
Trust: 0.3
url:/archive/1/380749
Trust: 0.3
sources:
            
            
            VULHUB: VHN-9539 // 
            
            
            
            BID: 11639 // 
            
            
            
            CNNVD: CNNVD-200501-222 // 
            
            
            
            NVD: CVE-2004-1109

CREDITS
Karl Lynn
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200501-222

SOURCES
db:VULHUBid:VHN-9539
db:BIDid:11639
db:CNNVDid:CNNVD-200501-222
db:NVDid:CVE-2004-1109

LAST UPDATE DATE
2024-08-14T15:20:12.223000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-9539date:2017-07-11T00:00:00
db:BIDid:11639date:2004-11-09T00:00:00
db:CNNVDid:CNNVD-200501-222date:2005-10-20T00:00:00
db:NVDid:CVE-2004-1109date:2017-07-11T01:30:44.950

SOURCES RELEASE DATE
db:VULHUBid:VHN-9539date:2005-01-10T00:00:00
db:BIDid:11639date:2004-11-09T00:00:00
db:CNNVDid:CNNVD-200501-222date:2004-11-09T00:00:00
db:NVDid:CVE-2004-1109date:2005-01-10T05:00:00