var-200305-0036
Vulnerability from variot

Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. An exploit for this vulnerability is publicly available. A buffer-overflow vulnerability has been discovered in Kerio Personal Firewall. The problem occurs during the administration authentication process. An attacker could exploit this vulnerability by forging a malicious packet containing an excessive data size. The application then reads this data into a static memory buffer without first performing sufficient bounds checking. Note that this vulnerability affects Kerio Personal Firewall 2.1.4 and earlier. When the administrator connects to the firewall, a handshake is performed to establish an encrypted session. The fourth packet of the handshake (the first packet is sent by the administrator) contains 4 bytes of data, which has a fixed value of 0x40 (64) to indicate the size of the follow-up packet containing the admin key. When the firewall side uses recv() to process this data, it does not check this size against the buffer boundary, so the size field is trusted as received from the remote peer.



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200305-0036",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "personal firewall 2",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "kerio",
        "version": "2.1"
      },
      {
        "model": "personal firewall 2",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "kerio",
        "version": "2.1.3"
      },
      {
        "model": "personal firewall 2",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "kerio",
        "version": "2.1.2"
      },
      {
        "model": "personal firewall 2",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "kerio",
        "version": "2.1.1"
      },
      {
        "model": "personal firewall 2",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "kerio",
        "version": "2.1.4"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "kerio",
        "version": null
      },
      {
        "model": "personal firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kerio",
        "version": "22.1.4"
      },
      {
        "model": "personal firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kerio",
        "version": "22.1.3"
      },
      {
        "model": "personal firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kerio",
        "version": "22.1.2"
      },
      {
        "model": "personal firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kerio",
        "version": "22.1.1"
      },
      {
        "model": "personal firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kerio",
        "version": "22.1"
      },
      {
        "model": "personal firewall",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kerio",
        "version": "22.1.5"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#454716"
      },
      {
        "db": "BID",
        "id": "7180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-031"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0220"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Core Security Technologies Advisory",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-031"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2003-0220",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2003-0220",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-7049",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2003-0220",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CARNEGIE MELLON",
            "id": "VU#454716",
            "trust": 0.8,
            "value": "14.06"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200305-031",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-7049",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#454716"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7049"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-031"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0220"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet. An exploit for this vulnerability is publicly available. A buffer-overflow vulnerability has been discovered in Kerio Personal Firewall. The problem occurs during the administration authentication process. An attacker could exploit this vulnerability by forging a malicious packet containing an excessive data size. The application then reads this data  into a static memory buffer without first performing sufficient bounds checking. \nNote that this vulnerability affects Kerio Personal Firewall 2.1.4 and earlier. When the administrator connects to the firewall, a handshake connection will be performed to establish an encrypted session. The fourth packet of the handshake (the first packet is sent by the administrator) contains 4 bytes of data, which has a certain fixed value 0x40 (64) to indicate the follow-up The size of the package containing the admin key. When the firewall side uses recv() to process this data, it does not check the boundary buffer",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0220"
      },
      {
        "db": "CERT/CC",
        "id": "VU#454716"
      },
      {
        "db": "BID",
        "id": "7180"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7049"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-7049",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7049"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "7180",
        "trust": 2.8
      },
      {
        "db": "CERT/CC",
        "id": "VU#454716",
        "trust": 2.5
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0220",
        "trust": 2.0
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-031",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20030428 CORE-2003-0305-02: VULNERABILITIES IN KERIO PERSONAL FIREWALL",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "1537",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "16465",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "22418",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "28",
        "trust": 0.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "22417",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-62726",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-70979",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-76221",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-76220",
        "trust": 0.1
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-63390",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "82995",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-7049",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#454716"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7049"
      },
      {
        "db": "BID",
        "id": "7180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-031"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0220"
      }
    ]
  },
  "id": "VAR-200305-0036",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-7049"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-22T22:58:35.401000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2003-0220"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.4,
        "url": "http://www.coresecurity.com/common/showdoc.php?idx=314\u0026idxseccion=10"
      },
      {
        "trust": 2.7,
        "url": "http://www.securityfocus.com/bid/7180"
      },
      {
        "trust": 2.7,
        "url": "http://www.kb.cert.org/vuls/id/454716"
      },
      {
        "trust": 2.0,
        "url": "http://marc.info/?l=bugtraq\u0026m=105155734411836\u0026w=2"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/pfexploit.c"
      },
      {
        "trust": 1.4,
        "url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=105155734411836\u0026w=2"
      },
      {
        "trust": 0.8,
        "url": "http://www.securityfocus.com/data/vulnerabilities/exploits/kerio-overflow.py"
      },
      {
        "trust": 0.8,
        "url": "http://www.s0h.cc/~threat/goodies/pfpatch/sources_pfpatch.zip"
      },
      {
        "trust": 0.8,
        "url": "http://www.s0h.cc/~threat/goodies/pfpatch/pfpatch.exe"
      },
      {
        "trust": 0.8,
        "url": "http://www.kerio.com/kpf_download.html "
      },
      {
        "trust": 0.8,
        "url": "http://online.securityfocus.com/bid/7180"
      },
      {
        "trust": 0.3,
        "url": "http://www.kerio.com"
      },
      {
        "trust": 0.3,
        "url": "http://support.coresecurity.com/impact/exploits/617ed23b85dc3446ba56bfb7ed827a6b.html"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/320911"
      },
      {
        "trust": 0.1,
        "url": "http://marc.info/?l=bugtraq\u0026amp;m=105155734411836\u0026amp;w=2"
      },
      {
        "trust": 0.1,
        "url": "http://www.coresecurity.com/common/showdoc.php?idx=314\u0026amp;idxseccion=10"
      },
      {
        "trust": 0.1,
        "url": ""
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#454716"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7049"
      },
      {
        "db": "BID",
        "id": "7180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-031"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0220"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#454716"
      },
      {
        "db": "VULHUB",
        "id": "VHN-7049"
      },
      {
        "db": "BID",
        "id": "7180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-031"
      },
      {
        "db": "NVD",
        "id": "CVE-2003-0220"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-05-12T00:00:00",
        "db": "CERT/CC",
        "id": "VU#454716"
      },
      {
        "date": "2003-05-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-7049"
      },
      {
        "date": "2003-04-28T00:00:00",
        "db": "BID",
        "id": "7180"
      },
      {
        "date": "2003-04-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200305-031"
      },
      {
        "date": "2003-05-12T04:00:00",
        "db": "NVD",
        "id": "CVE-2003-0220"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2003-05-13T00:00:00",
        "db": "CERT/CC",
        "id": "VU#454716"
      },
      {
        "date": "2016-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-7049"
      },
      {
        "date": "2007-10-16T18:27:00",
        "db": "BID",
        "id": "7180"
      },
      {
        "date": "2005-10-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200305-031"
      },
      {
        "date": "2024-11-20T23:44:14.783000",
        "db": "NVD",
        "id": "CVE-2003-0220"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-031"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Kerio Personal Firewall vulnerable to buffer overflow",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#454716"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Boundary Condition Error",
    "sources": [
      {
        "db": "BID",
        "id": "7180"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200305-031"
      }
    ],
    "trust": 0.9
  }
}

