Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3286

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2005-3286
Last Modified 12 Dec 2012 09:43:26
Published 23 Oct 2005 06:02:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2005-3286

Summary

The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the "PEB lockout vulnerability."

Vulnerable Systems

Application

  • Kerio Personal Firewall 4.2

  • Kerio Serverfirewall 1.1.1


References

CONFIRM - http://www.kerio.com/security_advisory.html

SECUNIA - 17155

BID - 15094

MISC - http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt

FULLDISC - 20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service

OSVDB - 19961

SREASON - 78


Last Updated: 27 May 2016 10:40:52