Serious Security risk Tiny/Kerio

Discussion in 'other firewalls' started by BlitzenZeus, Feb 25, 2002.

Thread Status:
Not open for further replies.
  1. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Tiny/Kerio will not stop a program called "persfw.exe" from using the internet.  It also happens to be the same name as one of its own files.  It's not checking to make sure that the path, or MD5 sig is correct so this is a serious exploit!

    It's been confirmed by others, and I even tested it on my system.

    I personally can't understand why they would let any application bypass the firewall, no matter what it may be called.  It also appears to me that Kerio will be the only development in the future since the official Tiny group was archived, then replaced by the Kerio group.

    We're hoping that this will be fixed in the next beta release for Kerio, but Tiny may not be updated in the future.  Leaving it to exist obsolete and unsecure  :(

    Here's a link to another board where I'm also discussing the issue.
    http://www.dslreports.com/forum/remark,2598604~root=security,1~mode=flat

    The issue is also being discussed in the official Kerio Firewall Group (members only)
    http://groups.yahoo.com/group/keriofirewall/
     
  2. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    UPDATE:

    In the first link we discovered some important facts:
    --Tiny Version 2.0.14 does not have this problem.
    --We hacked Kerio to prevent this from happening.

    The problem likely has to do with the 'check for updates' features since that seems to be the only real difference between .14, and .15

    I have currently downgraded to Tiny ver .14 on my XP for now, and I'm using my manually hacked Kerio firewall driver vxd on Win98se with good results.

    Let's just hope this is fixed in the next Kerio release.
     
  3. Checkout

    Checkout Security Rhinoceros

    Joined:
    Feb 11, 2002
    Posts:
    1,226
    Whew- no wonder I'm sticking with ZAP!
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    BlitzenZeus,

    Kerio will target this problem:

    Good work from Stan  ;) !

    regards.

    paul
     
  5. octogen

    octogen Registered Member

    Joined:
    Feb 11, 2002
    Posts:
    212
    I second Paul's statement "Good work from Stan".  Mr. (Dr.?) Kolar and the people at Kerio have been, and I am certain, will continue to be, very responsive to any issue concerning the firewall. :)
     
  6. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Yeah, looks like there is a great development team behind this product now, and it's good to hear that the final release will be out soon.

    BTW Checkout, besides this flaw some programmer built into only a couple versions of the program, Tiny/Kerio still gives us more control over our communications than ZAP, and for free.  However not everyone is up to running a rule based firewall, but that is where ZA (or similar) comes in for newbies/beginners....
     
  7. kyte50

    kyte50 Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    7
    Location:
    Australia
    I don't get this..  I have had the firewall ask me for permission every time I have updated the files...  where is it falling over?
     
  8. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    kyte50, did you honestly read what I said, or the first link in my post?

    These explain everything, and then some of you read them....
     
  9. Zhen-Xjell

    Zhen-Xjell Security Expert

    Joined:
    Feb 8, 2002
    Posts:
    1,397
    Location:
    Ohio
    I agree, ZA is an excellent starting point for anyone who wants to have a firewall and is new to the arena.  I myself still run it, only the PRO version.  ;)
     
  10. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    I fail to see why this is a big deal. It would be nice to have it patched, but hardly an emergency.

    For a malicious program named "persfw.exe" to be on my machine, I would have to have been infected by a trojan, or execute a file attachment sent to me. If this happens, and there now is malware running on my machine, it very well might just shut down and delete every security program it finds. At this point it would matter little what the file was called.
     
  11. BlitzenZeus

    BlitzenZeus Security Expert

    Joined:
    Feb 11, 2002
    Posts:
    451
    Location:
    Oregon, USA
    Well this program is not subject to the rules, its path is not being verified, and its MD5 signature is not being verified.  That is the security risk here......
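
The gap discussed in this thread (trust granted on the file name, with neither path nor hash verified) is shown below next to a check that verifies both. This is an added example, not part of the thread and not Tiny/Kerio code; the function names, directory layout and file contents are constructed for illustration, and SHA-256 stands in for the MD5 signature the thread mentions.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash the file contents in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def allow_by_name(exe_path, trusted_name="persfw.exe"):
    """Weak rule: the file name alone grants trust (the behaviour reported above)."""
    return os.path.basename(exe_path).lower() == trusted_name

def allow_by_identity(exe_path, trusted_path, trusted_digest):
    """Stricter rule: the recorded full path AND the recorded digest must match."""
    same_path = (os.path.normcase(os.path.realpath(exe_path))
                 == os.path.normcase(os.path.realpath(trusted_path)))
    return same_path and sha256_of(exe_path) == trusted_digest

def demo():
    with tempfile.TemporaryDirectory() as root:
        install_dir = os.path.join(root, "firewall")   # hypothetical install dir
        other_dir = os.path.join(root, "elsewhere")    # any other directory
        os.makedirs(install_dir)
        os.makedirs(other_dir)
        genuine = os.path.join(install_dir, "persfw.exe")
        same_name = os.path.join(other_dir, "persfw.exe")
        with open(genuine, "wb") as f:
            f.write(b"constructed bytes: genuine file")
        with open(same_name, "wb") as f:
            f.write(b"constructed bytes: unrelated file")
        digest = sha256_of(genuine)  # recorded when the rule is created
        results = {
            "name_genuine": allow_by_name(genuine),
            "name_same_name": allow_by_name(same_name),
            "id_genuine": allow_by_identity(genuine, genuine, digest),
            "id_same_name": allow_by_identity(same_name, genuine, digest),
        }
        # The file at the trusted path is later replaced: the path still
        # matches, so only the digest comparison notices the change.
        with open(genuine, "wb") as f:
            f.write(b"constructed bytes: replaced file")
        results["id_replaced"] = allow_by_identity(genuine, genuine, digest)
        return results

if __name__ == "__main__":
    print(demo())
```

The name-only rule accepts both files, while the path-plus-digest rule accepts only the original file and rejects it once its contents change.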
     