Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to devicephysicalmemory to restore the running kernels SDT ServiceTable.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Personal_firewall | Kerio | 4.0.6 (including) | 4.0.6 (including) |
| Personal_firewall | Kerio | 4.0.7 (including) | 4.0.7 (including) |
| Personal_firewall | Kerio | 4.0.8 (including) | 4.0.8 (including) |
| Personal_firewall | Kerio | 4.0.9 (including) | 4.0.9 (including) |
| Personal_firewall | Kerio | 4.0.10 (including) | 4.0.10 (including) |
| Personal_firewall | Kerio | 4.0.16 (including) | 4.0.16 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=109420310631039\u0026w=2
- http://secunia.com/advisories/12468/
- http://www.security.org.sg/vuln/kerio4016.html
- http://www.securityfocus.com/bid/11096
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17270
- http://marc.info/?l=bugtraq\u0026m=109420310631039\u0026w=2
- http://secunia.com/advisories/12468/
- http://www.security.org.sg/vuln/kerio4016.html
- http://www.securityfocus.com/bid/11096
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17270