Vulnerabilities > CVE-2004-1109 - Denial Of Service vulnerability in Kerio Personal Firewall IP Options

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

kerio

exploit available

NVD

Published: 2005-01-10

Updated: 2017-07-11

Summary

The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field.

Vulnerable Configurations

Part	Description	Count
Application	Kerio Kerio Personal Firewall 4.0.6 Kerio Personal Firewall 4.0.7 Kerio Personal Firewall 4.0.8 Kerio Personal Firewall 4.0.9 Kerio Personal Firewall 4.0.10 Kerio Personal Firewall 4.0.16 Kerio Personal Firewall 4.1 Kerio Personal Firewall 4.1.1	8

Exploit-Db

description	Kerio Personal Firewall <= 4.1.1 Multiple IP Options DoS Exploit. CVE-2004-1109. Dos exploit for windows platform
id	EDB-ID:626
last seen	2016-01-31
modified	2004-11-12
published	2004-11-12
reporter	houseofdabus
source	https://www.exploit-db.com/download/626/
title	Kerio Personal Firewall <= 4.1.1 - Multiple IP Options DoS Exploit

Summary

Vulnerable Configurations

Exploit-Db

References