Positive Technologies Security Advisory 2003-0307: DoS-attack in Kerio WinRoute Firewall

From: Dmitry Maksimov (dmaksimov@ptsecurity.ru)
Date: 03/31/03

  • Next message: Daniel Ahlberg: "GLSA: dietlibc (200303-29)" 
    Date: Mon, 31 Mar 2003 10:00:26 +0400
From: Dmitry Maksimov <dmaksimov@ptsecurity.ru>
To: bugtraq@securityfocus.com

                   Positive Technologies Security Advisory
                         http://www.ptsecurity.com

            Title: DoS-attack in Kerio WinRoute Firewall
             Date: March, 07 2003
         Severity: High
      Application: Kerio WinRoute Firewall 5.0.1
         Platform: Windows 95/98/ME/NT/2000/XP
    Vendor Status: Notified, patched in version 5.0.2

     

    I. DESCRIPTION

    ---------------

    Denial of Service condition exists in Kerio WinRoute Firewall's Web
    administration interface which hand service with 100% CPU utilization.

    Positive Technologies reports that single simple HTTP request to Kerio
    Winroute Firewall Web administration interface (TCP/4080)

    GET / HTTP/1.0
    Authorization: Basic XXX

     
    instead of correct one:

    GET / HTTP/1.0
    Host: server
    Authorization: Basic XXX

    causes 100% CPU utilization of attacked computer.

    II. IMPACT

    ---------------

    Remote user can launch denial of service attack against web interface
    (port TCP/4080). Single request causes 100% CPU utilization. As a result
    more than 50% of future connection requests may be lost disturbing
    normal functionality of the networking services.

    III. SOLUTION

    ---------------

    Block TCP/4080 access or upgrade to Kerio WinRoute Firewall 5.0.2.

    IV. VENDOR FIX/RESPONSE

    ---------------

    Vendor was notified on 10.03.2003.

    V. CREDIT

    ---------------

    Positive Technologies is information security company especially focused on
    protection of corporate networks from external attacks. The main trend of
    PT’s activity is computer networks security audit and service. PT offers
    wide range of services in the filed of information security: from network
    architecture development or optimization to consulting and custom software
    source-code examination.

  • Next message: Daniel Ahlberg: "GLSA: dietlibc (200303-29)"