ID

VAR-200601-0384


CVE

CVE-2006-0335


TITLE

Kerio WinRoute Firewall Multiple Denial of Service Vulnerabilities

Trust: 0.9

sources: BID: 16314 // CNNVD: CNNVD-200601-254

DESCRIPTION

Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from Active Directory and (2) the filtering of HTML.

Kerio WinRoute Firewall is prone to multiple denial of service vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit these vulnerabilities to crash the affected service, effectively disabling the firewall. This may aid in further attacks.

Kerio WinRoute Firewall is an enterprise gateway firewall suitable for small and medium businesses. Kerio WinRoute has vulnerabilities when processing specific HTML data, and remote attackers may use them to perform denial-of-service attacks on the firewall.

TITLE: Kerio WinRoute Firewall Denial of Service Vulnerabilities
SECUNIA ADVISORY ID: SA18542
VERIFY ADVISORY: http://secunia.com/advisories/18542/
CRITICAL: Moderately critical
IMPACT: DoS
WHERE: From remote
SOFTWARE: Kerio WinRoute Firewall 6.x http://secunia.com/product/3613/

DESCRIPTION: Two vulnerabilities have been reported in Kerio WinRoute Firewall, which potentially can be exploited by malicious people to cause a DoS (Denial of Service).
1) An error in the handling of certain data when performing HTML content filtering may be exploited to cause a DoS.
2) An error in the handling of overly long strings fetched from the Active Directory may be exploited to cause a DoS.
Some other errors, which may be security related, have also been fixed.

SOLUTION: Update to version 6.1.4 Patch 1. http://www.kerio.com/kwf_download.html

PROVIDED AND/OR DISCOVERED BY: Reported by vendor.

ORIGINAL ADVISORY: http://www.kerio.com/kwf_history.html

Trust: 1.35

sources: NVD: CVE-2006-0335 // BID: 16314 // VULHUB: VHN-16443 // PACKETSTORM: 43188

AFFECTED PRODUCTS

vendor: kerio, model: winroute firewall, scope: eq, version: 6.1.4

Trust: 1.9

vendor: kerio, model: winroute firewall, scope: eq, version: 6.1.3

Trust: 1.9

vendor: kerio, model: winroute firewall, scope: eq, version: 6.1.2

Trust: 1.9

vendor: kerio, model: winroute firewall, scope: eq, version: 6.1.1

Trust: 1.9

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.9

Trust: 1.9

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.8

Trust: 1.9

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.7

Trust: 1.9

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.6

Trust: 1.9

vendor: kerio, model: winroute firewall, scope: eq, version: 6.1.0

Trust: 1.6

vendor: kerio, model: winroute firewall, scope: eq, version: 6.1.3_patch1

Trust: 1.6

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.11

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.5

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.4

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.3

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.2

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.1

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.10

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.10

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.9

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.8

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.7

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.6

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.5

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.4

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.3

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.2

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1.1

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.1

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.0.9

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.0.8

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.0.7

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.0.6

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.0.5

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.0.4

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.0.3

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.0.2

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 5.0.1

Trust: 1.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.0

Trust: 1.0

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0.10

Trust: 1.0

vendor: kerio, model: winroute firewall, scope: eq, version: 6.1

Trust: 0.3

vendor: kerio, model: winroute firewall, scope: eq, version: 6.0

Trust: 0.3

vendor: kerio, model: winroute firewall patch, scope: ne, version: 6.1.41

Trust: 0.3

sources: BID: 16314 // CNNVD: CNNVD-200601-254 // NVD: CVE-2006-0335

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-0335
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200601-254
value: MEDIUM

Trust: 0.6

VULHUB: VHN-16443
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-0335
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-16443
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-16443 // CNNVD: CNNVD-200601-254 // NVD: CVE-2006-0335

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-0335

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200601-254

TYPE

Design Error

Trust: 0.9

sources: BID: 16314 // CNNVD: CNNVD-200601-254

EXTERNAL IDS

db: BID, id: 16314

Trust: 2.0

db: SECUNIA, id: 18542

Trust: 1.8

db: VUPEN, id: ADV-2006-0247

Trust: 1.7

db: NVD, id: CVE-2006-0335

Trust: 1.7

db: OSVDB, id: 22631

Trust: 1.7

db: CNNVD, id: CNNVD-200601-254

Trust: 0.7

db: XF, id: 24232

Trust: 0.6

db: XF, id: 24233

Trust: 0.6

db: VULHUB, id: VHN-16443

Trust: 0.1

db: PACKETSTORM, id: 43188

Trust: 0.1

sources: VULHUB: VHN-16443 // BID: 16314 // PACKETSTORM: 43188 // CNNVD: CNNVD-200601-254 // NVD: CVE-2006-0335

REFERENCES

url:http://www.kerio.com/kwf_history.html

Trust: 2.1

url:http://www.securityfocus.com/bid/16314

Trust: 1.7

url:http://www.osvdb.org/22631

Trust: 1.7

url:http://secunia.com/advisories/18542

Trust: 1.7

url:http://www.vupen.com/english/advisories/2006/0247

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24233

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/24232

Trust: 1.1

url:http://www.frsirt.com/english/advisories/2006/0247

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/24233

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/24232

Trust: 0.6

url:http://www.kerio.com

Trust: 0.3

url:http://www.kerio.com/kwf_home.html

Trust: 0.3

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/3613/

Trust: 0.1

url:http://www.kerio.com/kwf_download.html

Trust: 0.1

url:http://secunia.com/advisories/18542/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-16443 // BID: 16314 // PACKETSTORM: 43188 // CNNVD: CNNVD-200601-254 // NVD: CVE-2006-0335

CREDITS

Kerio

Trust: 0.6

sources: CNNVD: CNNVD-200601-254

SOURCES

db: VULHUB, id: VHN-16443
db: BID, id: 16314
db: PACKETSTORM, id: 43188
db: CNNVD, id: CNNVD-200601-254
db: NVD, id: CVE-2006-0335

LAST UPDATE DATE

2024-11-23T22:50:29.289000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-16443, date: 2017-07-20T00:00:00
db: BID, id: 16314, date: 2006-02-07T20:54:00
db: CNNVD, id: CNNVD-200601-254, date: 2006-01-30T00:00:00
db: NVD, id: CVE-2006-0335, date: 2024-11-21T00:06:13.470

SOURCES RELEASE DATE

db: VULHUB, id: VHN-16443, date: 2006-01-21T00:00:00
db: BID, id: 16314, date: 2006-01-19T00:00:00
db: PACKETSTORM, id: 43188, date: 2006-01-19T17:33:40
db: CNNVD, id: CNNVD-200601-254, date: 2006-01-20T00:00:00
db: NVD, id: CVE-2006-0335, date: 2006-01-21T00:03:00