Kerio Personal Firewall Engine Denial of Service

Affected Software: Kerio Personal Firewall 4.x

David Matousek has discovered a vulnerability in Kerio Personal Firewall, which can be exploited by malicious, local users to cause a DoS (Denial of Service).

The vulnerability is caused by a logic error in the kpf4ss.exe service's hook for the “CreateRemoteThread()” API. A local user can trigger it with an ordinary “CreateRemoteThread()” call, which drives the service into a runtime error; the firewall engine then stops working, which is the denial of service.

The vulnerability has been confirmed in version 4.3.246. Other versions may also be affected.
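An added check for administrators triaging this advisory (example code, not from the advisory or from the vendor): it locates whichever service launches kpf4ss.exe and compares the binary's file version against the one version the advisory confirms, 4.3.246. It assumes that the service's recorded PathName points at kpf4ss.exe and that the executable's file-version resource tracks the product version; both are assumptions, not facts stated on this page.

```powershell
# Added example; not part of the original advisory and not Kerio/Sunbelt code.
# Assumption: the Kerio Personal Firewall service entry's PathName names kpf4ss.exe.
# Assumption: the file version resource of kpf4ss.exe tracks the product version.

$ConfirmedVulnerable = [version]'4.3.246'   # only version the advisory confirms

function Get-Kpf4ssBinaryPath {
    # Search by executable rather than by service name, since the advisory
    # gives only the binary name, not the registered service name.
    $svc = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -and $_.PathName -match 'kpf4ss\.exe' } |
        Select-Object -First 1
    if (-not $svc) { return $null }

    # PathName may be quoted and may carry arguments; keep just the executable.
    if ($svc.PathName -match '^"([^"]+)"') { return $Matches[1] }
    return ($svc.PathName -split '\s+')[0]
}

function Test-Kpf4ssVersion {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "kpf4ss.exe not found at '$Path'"
    }

    # Build a [version] from the numeric parts so odd FileVersion strings
    # ("4, 3, 246, 0" and similar) do not break the comparison.
    $info = (Get-Item -LiteralPath $Path).VersionInfo
    $ver  = [version]::new($info.FileMajorPart, $info.FileMinorPart,
                           $info.FileBuildPart, $info.FilePrivatePart)

    # Compare on the first three components, since the advisory gives only
    # "4.3.246" and the private (fourth) part is not stated.
    $ver3 = [version]::new($ver.Major, $ver.Minor, $ver.Build)

    $status = if ($ver3 -eq $ConfirmedVulnerable) {
        'confirmed vulnerable (4.3.246)'
    } elseif ($ver.Major -eq 4) {
        'other 4.x build: not confirmed, but the advisory says other versions may be affected'
    } else {
        'not a 4.x build: outside the affected range stated in the advisory'
    }

    [pscustomobject]@{
        Path        = $Path
        FileVersion = $ver
        Status      = $status
    }
}

$path = Get-Kpf4ssBinaryPath
if ($path) {
    Test-Kpf4ssVersion -Path $path
} else {
    'No service launching kpf4ss.exe was found; Kerio Personal Firewall 4.x does not appear to be installed.'
}
```

Run it in an elevated PowerShell session on each host you manage; a "confirmed vulnerable" or "other 4.x build" result means the host should receive the vendor update noted below, and until then only trusted users should be allowed local access, as the advisory recommends.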

Solution: Until the fix is applied, grant only trusted users access to affected systems, since the issue requires local access to trigger.

Update: Sunbelt released an update to its firewall software to fix the above issue. See Sunbelt’s blog for details.
