Re: Possible Kerio Vulnerability Workaround
From: Kerodo (loopback_at_localhost.com)
Date: 03/07/05
- Previous message: Gerald Vogt: "Re: ZonaAlarm issues?"
- Maybe in reply to: Hassan I Sahba: "Possible Kerio Vulnerability Workaround"
- Next in thread: EA: "Re: Possible Kerio Vulnerability Workaround"
- Reply: Memnoch: "Re: Possible Kerio Vulnerability Workaround"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 6 Mar 2005 19:48:41 -0800
On Mon, 07 Mar 2005 03:10:37 GMT, mhicaoidh wrote:
> Taking a moment's reflection, Hassan I Sahba mused:
>|
>| This flaw was public in 1999 and affected many firewalls. Everyone but
>| Tiny/Kerio fixed the problem. I've only verified that Tiny/Kerio are
>| still vulnerable.
>
> That's not anywhere near being accurate. Kerio *did* fix it in version
> 4. Kerio 2.x has been discontinued for a very long time ... they aren't
> going to fix what is no longer being developed. I still use 2.1.4, but I
> don't understand why so many people get so up in arms over a security hole
> discovered in a piece of software that has been discontinued for years.
Mostly fear I suspect. I think most people have concluded that nothing
harmful can happen as a result of it. A few frag'd packets may slip thru,
but any response to them will be blocked by Kerio, so what's the problem?
I don't see how any harm can come from it. But maybe I'm missing
something?
-- Kerodo
- Previous message: Gerald Vogt: "Re: ZonaAlarm issues?"
- Maybe in reply to: Hassan I Sahba: "Possible Kerio Vulnerability Workaround"
- Next in thread: EA: "Re: Possible Kerio Vulnerability Workaround"
- Reply: Memnoch: "Re: Possible Kerio Vulnerability Workaround"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
