CVE-2006-5153

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2006-5153
The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which allows local users to cause a denial of service (crash) and possibly other impacts via unspecified vectors.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://www.matousec.com/info/advisories/Kerio-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php Exploit Vendor Advisory
http://www.securityfocus.com/bid/20299 Exploit
http://secunia.com/advisories/22234 Vendor Advisory
http://securitytracker.com/id?1016967
http://securityreason.com/securityalert/1685
http://www.vupen.com/english/advisories/2006/3872
https://exchange.xforce.ibmcloud.com/vulnerabilities/29313
http://www.securityfocus.com/archive/1/447504/100/0/threaded
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:kerio:personal_firewall:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.1:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.3.246:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.2:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.3.268:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.6:*:*:*:*:*:*:*
Information

Published : 2006-10-04 21:04

Updated : 2018-10-17 14:41

NVD link : CVE-2006-5153

Mitre link : CVE-2006-5153

JSON object : View

CWE
NVD-CWE-Other
Advertisement

dedicated server usa
Products Affected

kerio

  • personal_firewall