RASTABT
1
This may be old news to many but I've just come across this find below.
It's worth a read even if you don't use Kerio v2xx..
Date: Jan 28 2004
Impact: Root access via local system
Exploit Included: Yes
Version(s): 2.x
Description: Johan Tuneld reported a vulnerability in the Kerio Personal Firewall version 2.x. A local user can run commands with SYSTEM privileges.
It is reported that a local user can use the administrative menus to run a copy of 'cmd.exe' with SYSTEM level privileges. A user can go to the Administration > Miscellaneous menu, select the 'Load' button, browse to 'c:\windows\system32\cmd.exe', right-click on 'cmd.exe', and then select 'Open' to open a command window with SYSTEM privileges.
A demonstration exploit screen shot is provided at:
http://www.tuneld.com/_images/other/kpf_system_privileges.png
If a firewall password is used, the local user must be authenticated to the firewall
before exploiting this flaw.
[Editor's note: The vulnerability reportedly applies to version 2. It is not clear if more recent versions of the firewall are also affected or not.]
Impact: A local user can open a Windows command window (cmd.exe) with SYSTEM privileges.
Solution: No solution was available at the time of this entry.
Vendor URL: www.kerio.com/kpf_home.html (Links to External Site)
Cause: Access control error
Underlying OS: Windows (Any)
Source
It's worth a read even if you don't use Kerio v2xx..
Date: Jan 28 2004
Impact: Root access via local system
Exploit Included: Yes
Version(s): 2.x
Description: Johan Tuneld reported a vulnerability in the Kerio Personal Firewall version 2.x. A local user can run commands with SYSTEM privileges.
It is reported that a local user can use the administrative menus to run a copy of 'cmd.exe' with SYSTEM level privileges. A user can go to the Administration > Miscellaneous menu, select the 'Load' button, browse to 'c:\windows\system32\cmd.exe', right-click on 'cmd.exe', and then select 'Open' to open a command window with SYSTEM privileges.
A demonstration exploit screen shot is provided at:
http://www.tuneld.com/_images/other/kpf_system_privileges.png
If a firewall password is used, the local user must be authenticated to the firewall
before exploiting this flaw.
[Editor's note: The vulnerability reportedly applies to version 2. It is not clear if more recent versions of the firewall are also affected or not.]
Impact: A local user can open a Windows command window (cmd.exe) with SYSTEM privileges.
Solution: No solution was available at the time of this entry.
Vendor URL: www.kerio.com/kpf_home.html (Links to External Site)
Cause: Access control error
Underlying OS: Windows (Any)
Source
