Re: Possible Kerio Vulnerability Workaround

From: EA (ea_at_someisp.invalid)
Date: 03/07/05


Date: Mon, 07 Mar 2005 05:45:22 GMT

Kerodo <loopback@localhost.com> typed in
news:16k726e124oid$.1pldi4p6rdhm2$.dlg@40tude.net:

> On Mon, 07 Mar 2005 03:10:37 GMT, mhicaoidh wrote:
>
>> Taking a moment's reflection, Hassan I Sahba mused:
>>|
>>| This flaw was public in 1999 and affected many firewalls.
>>| Everyone but Tiny/Kerio fixed the problem. I've only verified
>>| that Tiny/Kerio are still vulnerable.
>>
>> That's not anywhere near being accurate. Kerio *did* fix it
>> in version
>> 4. Kerio 2.x has been discontinued for a very long time ... they
>> aren't going to fix what is no longer being developed. I still
>> use 2.1.4, but I don't understand why so many people get so up in
>> arms over a security hole discovered in a piece of software that
>> has been discontinued for years.
>
> Mostly fear I suspect. I think most people have concluded that
> nothing harmful can happen as a result of it. A few frag'd
> packets may slip thru, but any response to them will be blocked by
> Kerio, so what's the problem? I don't see how any harm can come
> from it. But maybe I'm missing something?
>

It is a very minor "vulnerability." Basically, the only thing that
happens is that you can lose your stealth status, i.e., the person
sending the packets will know that your machine is there. It will
not be possible to connect to your system. I find it odd that this
vulnerability gets so much publicity in this forum the moment that
there are other, far more serious vulnerabilities that affect many
firewalls, old and new...

E.