Re: Possible Kerio Vulnerability Workaround

From: EA (ea_at_someisp.invalid)
Date: 03/07/05


Date: Mon, 07 Mar 2005 05:45:22 GMT

Kerodo <loopback@localhost.com> typed in
news:16k726e124oid$.1pldi4p6rdhm2$.dlg@40tude.net:

> On Mon, 07 Mar 2005 03:10:37 GMT, mhicaoidh wrote:
>
>> Taking a moment's reflection, Hassan I Sahba mused:
>>|
>>| This flaw was public in 1999 and affected many firewalls.
>>| Everyone but Tiny/Kerio fixed the problem. I've only verified
>>| that Tiny/Kerio are still vulnerable.
>>
>> That's not anywhere near being accurate. Kerio *did* fix it
>> in version 4. Kerio 2.x has been discontinued for a very long time ... they
>> aren't going to fix what is no longer being developed. I still
>> use 2.1.4, but I don't understand why so many people get so up in
>> arms over a security hole discovered in a piece of software that
>> has been discontinued for years.
>
> Mostly fear I suspect. I think most people have concluded that
> nothing harmful can happen as a result of it. A few frag'd
> packets may slip thru, but any response to them will be blocked by
> Kerio, so what's the problem? I don't see how any harm can come
> from it. But maybe I'm missing something?
>

It is a very minor "vulnerability." Basically, the only thing that
happens is that you can lose your stealth status, i.e., the person
sending the packets will know that your machine is there. It will
not be possible to connect to your system. I find it odd that this
vulnerability gets so much publicity in this forum at a time when
there are other, far more serious vulnerabilities that affect many
firewalls, old and new...

E.


