Sign-up

ID

VAR-200610-0254


CVE

CVE-2006-5420


TITLE

Kerio WinRoute Firewall Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2006-002293

DESCRIPTION

Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to cause a denial of service (crash) via malformed DNS responses. Kerio WinRoute Firewall is prone to a remote denial-of-service vulnerability. Exploiting this issue may permit an attacker to crash affected devices, denying further network services to legitimate users. Kerio WinRoute Firewall 6.2.2 and prior versions are vulnerable; other versions may also be affected. Kerio WinRoute Firewall is a gateway firewall for small and medium businesses. ---------------------------------------------------------------------- To improve our services to our customers, we have made a number of additions to the Secunia Advisories and have started translating the advisories to German. The improvements will help our customers to get a better understanding of how we reached our conclusions, how it was rated, our thoughts on exploitation, attack vectors, and scenarios. This includes: * Reason for rating * Extended description * Extended solution * Exploit code or links to exploit code * Deep links Read the full description: http://corporate.secunia.com/products/48/?r=l Contact Secunia Sales for more information: http://corporate.secunia.com/how_to_buy/15/?r=l ---------------------------------------------------------------------- TITLE: Kerio WinRoute Firewall DNS Response Denial of Service SECUNIA ADVISORY ID: SA22986 VERIFY ADVISORY: http://secunia.com/advisories/22986/ CRITICAL: Moderately critical IMPACT: DoS WHERE: >From remote SOFTWARE: Kerio WinRoute Firewall 6.x http://secunia.com/product/3613/ DESCRIPTION: A vulnerability has been reported in Kerio WinRoute Firewall, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error when processing malformed DNS responses. This can be exploited to crash the application. SOLUTION: Update to version 6.2.3. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-5420 // JVNDB: JVNDB-2006-002293 // BID: 20584 // VULHUB: VHN-21528 // PACKETSTORM: 52408

AFFECTED PRODUCTS

vendor:keriomodel:winroute firewallscope:eqversion:6.2.1

Trust: 1.9

vendor:keriomodel:winroute firewallscope:eqversion:6.2

Trust: 1.9

vendor:keriomodel:winroute firewallscope:eqversion:6.1.4

Trust: 1.9

vendor:keriomodel:winroute firewallscope:eqversion:6.1.3

Trust: 1.9

vendor:keriomodel:winroute firewallscope:eqversion:6.1.2

Trust: 1.9

vendor:keriomodel:winroute firewallscope:eqversion:6.1.1

Trust: 1.9

vendor:keriomodel:winroute firewallscope:eqversion:6.1

Trust: 1.9

vendor:keriomodel:winroute firewallscope:lteversion:6.2.2

Trust: 1.8

vendor:keriomodel:winroute firewallscope:eqversion:6.1.4_patch_2

Trust: 1.6

vendor:keriomodel:winroute firewallscope:eqversion:6.1.4_patch_1

Trust: 1.6

vendor:keriomodel:winroute firewallscope:eqversion:6.0.11

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.9

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.8

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.7

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.6

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.5

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.4

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.3

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.2

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0.1

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.0

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.10

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.1.10

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.1.9

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.1.8

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.1.7

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.1.6

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.1.5

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.1.4

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.1.3

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.1.2

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.1.1

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.1

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.0.9

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.0.8

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.0.7

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.0.6

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.0.5

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.0.4

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.0.3

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.0.2

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:5.0.1

Trust: 1.3

vendor:keriomodel:winroute firewallscope:eqversion:6.2.2

Trust: 0.9

vendor:keriomodel:winroute firewall patchscope:eqversion:6.1.42

Trust: 0.3

vendor:keriomodel:winroute firewall patchscope:eqversion:6.1.41

Trust: 0.3

vendor:keriomodel:winroute firewallscope:neversion:6.2.3

Trust: 0.3

sources: BID: 20584 // JVNDB: JVNDB-2006-002293 // CNNVD: CNNVD-200610-342 // NVD: CVE-2006-5420

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-5420
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-5420
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200610-342
value: MEDIUM

Trust: 0.6

VULHUB: VHN-21528
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-5420
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-21528
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-21528 // JVNDB: JVNDB-2006-002293 // CNNVD: CNNVD-200610-342 // NVD: CVE-2006-5420

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5420

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200610-342

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200610-342

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2006-002293

PATCH
title:Kerio Control ? Release Historyurl:http://www.kerio.com/control/history
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2006-002293

EXTERNAL IDS
db:NVDid:CVE-2006-5420
Trust: 2.5
db:BIDid:20584
Trust: 2.0
db:SECUNIAid:22986
Trust: 1.8
db:SECTRACKid:1017067
Trust: 1.7
db:VUPENid:ADV-2006-4056
Trust: 1.7
db:JVNDBid:JVNDB-2006-002293
Trust: 0.8
db:CNNVDid:CNNVD-200610-342
Trust: 0.7
db:XFid:29629
Trust: 0.6
db:VULHUBid:VHN-21528
Trust: 0.1
db:PACKETSTORMid:52408
Trust: 0.1
sources:
            
            
            VULHUB: VHN-21528 // 
            
            
            
            BID: 20584 // 
            
            
            
            JVNDB: JVNDB-2006-002293 // 
            
            
            
            PACKETSTORM: 52408 // 
            
            
            
            CNNVD: CNNVD-200610-342 // 
            
            
            
            NVD: CVE-2006-5420

REFERENCES
url:http://www.kerio.com/kwf_history.html
Trust: 2.0
url:http://www.securityfocus.com/bid/20584
Trust: 1.7
url:http://securitytracker.com/id?1017067
Trust: 1.7
url:http://secunia.com/advisories/22986
Trust: 1.7
url:http://www.vupen.com/english/advisories/2006/4056
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/29629
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5420
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5420
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2006/4056
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/29629
Trust: 0.6
url:http://www.kerio.com
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://corporate.secunia.com/products/48/?r=l
Trust: 0.1
url:http://secunia.com/product/3613/
Trust: 0.1
url:http://secunia.com/advisories/22986/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://corporate.secunia.com/how_to_buy/15/?r=l
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-21528 // 
            
            
            
            BID: 20584 // 
            
            
            
            JVNDB: JVNDB-2006-002293 // 
            
            
            
            PACKETSTORM: 52408 // 
            
            
            
            CNNVD: CNNVD-200610-342 // 
            
            
            
            NVD: CVE-2006-5420

CREDITS
Kerio Technologies, Inc.
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200610-342

SOURCES
db:VULHUBid:VHN-21528
db:BIDid:20584
db:JVNDBid:JVNDB-2006-002293
db:PACKETSTORMid:52408
db:CNNVDid:CNNVD-200610-342
db:NVDid:CVE-2006-5420

LAST UPDATE DATE
2024-08-14T15:20:00.677000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-21528date:2017-07-20T00:00:00
db:BIDid:20584date:2006-10-18T22:29:00
db:JVNDBid:JVNDB-2006-002293date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200610-342date:2006-10-23T00:00:00
db:NVDid:CVE-2006-5420date:2017-07-20T01:33:44.057

SOURCES RELEASE DATE
db:VULHUBid:VHN-21528date:2006-10-20T00:00:00
db:BIDid:20584date:2006-10-17T00:00:00
db:JVNDBid:JVNDB-2006-002293date:2012-09-25T00:00:00
db:PACKETSTORMid:52408date:2006-11-22T00:45:15
db:CNNVDid:CNNVD-200610-342date:2006-10-20T00:00:00
db:NVDid:CVE-2006-5420date:2006-10-20T14:07:00