Kerio WinRoute Firewall Protocol Inspection Denial

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Kerio WinRoute Firewall Protocol Inspection Denial
From: SnoBMSN@xxxxxxxxxx
Date: 7 May 2006 06:52:20 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Critical: 
Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch

Software: Kerio WinRoute Firewall 6.x

Select a product and view a complete list of all Patched/Unpatched Secunia 
advisories affecting it.

Description:
A vulnerability has been reported in Kerio WinRoute Firewall, which can be 
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error in the SMTP and POP3 
protocol inspectors. This can be exploited to crash the service when a 
malformed e-mail is sent via SMTP or received via POP3.

The vulnerability has been reported in versions prior to 6.2.1.

Solution:
Update to version 6.2.1 or later.
http://www.kerio.com/kwf_download.html

Provided and/or discovered by:
Reported by the vendor.

Original Advisory:
http://www.kerio.com/kwf_history.html

Adivosory: WwW.Cyber-Security.ORG

Turkish Hacking & Security 

By SnoB

EyvAllah!

Prev by Date: [48Bits.com Advisory] Path conversion design flaw in Microsoft NTDLL
Next by Date: ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability
Previous by thread: [48Bits.com Advisory] Path conversion design flaw in Microsoft NTDLL
Next by thread: ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability
Index(es):
- Date
- Thread