Vulnerabilities > CVE-2006-5153 - Local Denial of Service vulnerability in Sunbelt Kerio Personal Firewall

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

kerio

NVD

Published: 2006-10-05

Updated: 2018-10-17

Summary

The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which allows local users to cause a denial of service (crash) and possibly other impacts via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Kerio Kerio Personal Firewall 4.0.6 Kerio Personal Firewall 4.0.7 Kerio Personal Firewall 4.0.8 Kerio Personal Firewall 4.0.9 Kerio Personal Firewall 4.0.10 Kerio Personal Firewall 4.0.11 Kerio Personal Firewall 4.0.12 Kerio Personal Firewall 4.0.13 Kerio Personal Firewall 4.0.14 Kerio Personal Firewall 4.0.15 Kerio Personal Firewall 4.0.16 Kerio Personal Firewall 4.1 Kerio Personal Firewall 4.1.0 Kerio Personal Firewall 4.1.1 Kerio Personal Firewall 4.1.2 Kerio Personal Firewall 4.2 Kerio Personal Firewall 4.3.246 Kerio Personal Firewall 4.3.268	18

Summary

Vulnerable Configurations

References