CVE-2006-5153

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-5153
The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal Firewall 4.3.268 and earlier do not validate arguments passed through to SSDT functions, including NtCreateFile, NtDeleteFile, NtLoadDriver, NtMapViewOfSection, NtOpenFile, and NtSetInformationFile, which allows local users to cause a denial of service (crash) and possibly other impacts via unspecified vectors.

5.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/22234 Vendor Advisory
http://securityreason.com/securityalert/1685
http://securitytracker.com/id?1016967
http://www.matousec.com/info/advisories/Kerio-Multiple-insufficient-argument-validation-of-hooked-SSDT-functions.php Exploit Vendor Advisory
http://www.securityfocus.com/archive/1/447504/100/0/threaded
http://www.securityfocus.com/bid/20299 Exploit
http://www.vupen.com/english/advisories/2006/3872
https://exchange.xforce.ibmcloud.com/vulnerabilities/29313
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:kerio:personal_firewall:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.9:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.10:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.11:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.12:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.13:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.14:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.15:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.0.16:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.1:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.2:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.3.246:*:*:*:*:*:*:*
cpe:2.3:a:kerio:personal_firewall:4.3.268:*:*:*:*:*:*:*
History

No history.

Information

Published : 2006-10-05 04:04

Updated : 2018-10-17 21:41

NVD link : CVE-2006-5153

Mitre link : CVE-2006-5153

CVE.ORG link : CVE-2006-5153

JSON object : View

Products Affected

kerio

  • personal_firewall
CWE
NVD-CWE-Other