Serious bugs in Jetico 1.0.1.61 and Kerio 2.1.5

Discussion in 'other firewalls' started by RWA, Oct 1, 2005.

Thread Status:
Not open for further replies.
  1. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    Can you code a test to try? Then we could run under different rules and traffic enabled/disabled.
     
  2. Keriokee

    Keriokee Guest

    I seriously doubt that people who dismiss the fragmented packet bug have ever written assembly language code--otherwise, they'd know what is possible by causing buffer overflows and smashing stacks--and they'd know it is possible by sending packets to a remote machine that allows it to reach the target process.

    I'm guessing the attack you're showing didn't involve using fragmented packets to exploit buffer overflow vulnerabilities in one or more of your services or apps.

    People who can't afford to buy side-impact airbags will distort reality to the extreme rather than admit that they are knowingly incurring added risks because they don't want to pay extra. In other words, disguising the real issue (money, or lack thereof) by trying to convince themselves & anyone who'd listen that their frontal airbag will protect them from side collisions--or that side collision will never happen to them.

    If nobody ever demonstrated that front airbags fail to protect the driver in a side collision, does that mean that front airbags should be trusted for side impact? If someone shows you on paper that front airbags fail such scenarios, do you challenge them to actually crash a real car into the side of another before you believe them?

    To see how we BS ourselves and others, check out the 10 methods listed at:
    http://www.propagandacritic.com
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    4,020
    Location:
    California
    You are quoting my response to the issue of stealth.

    No one is dismissing the fragmented packet bug. A lot of things are possible.

    But as ghost says, "I haven't seen conclusive proof that Kerio 2x allows fragmented TCP/UDP regardless of the ruleset and/or Stop Traffic option only some limited tests that say fragmented packets are not logged."

    So, until Kerio is further tested, I'm not going to get too excited about the possibility of buffer overflows and smashing stacks.

    regards,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    8,013
    The fragmented packet issue in Kerio 2 has been beaten to death in previous threads in this forum as well as in newsgroups. I know that it exists and have seen it here on my own system, so I do not need any convincing on it, even though I cannot offer "conclusive proof" for everyone to see or read. I will say, however, that I have run Kerio 2 with CHX behind it, and seen the packets (UDP) go thru Kerio to the CHX logs, and no, there was nothing wrong with my rules. The real question is, does it represent a threat or real problem? In my situation, the answer was no. Fragmented UDP packets to port 1026 (which was closed) did not seem to represent any threat here. So, for the average home user, one might say "big deal" to the whole issue. The odds of someone doing any real harm are probably minimal...
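
For checking a capture taken behind a firewall, as in the Kerio/CHX observation above, this added example (not part of the thread and not any poster's code) classifies raw IPv4 packets as fragments and shows that a trailing fragment carries no UDP port for a port-based rule to match. The sample packets, the addresses and the names build_ipv4, classify_ipv4 and port_blind_fragments are constructed for illustration; port 1026 is the one mentioned in the post.

```python
import struct

def build_ipv4(ident, more_frags, offset_bytes, proto, payload):
    """Build a constructed IPv4 packet (checksum left 0; it is not validated here)."""
    flags_off = (0x2000 if more_frags else 0) | (offset_bytes // 8)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                      flags_off, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

def classify_ipv4(packet):
    """Report fragmentation state and, if visible, the TCP/UDP destination port."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, _, ident, flags_off, _, proto = struct.unpack("!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    more_frags = bool(flags_off & 0x2000)      # MF flag
    offset = (flags_off & 0x1FFF) * 8          # fragment offset in bytes
    dst_port = None
    # Only a packet at offset 0 carries the TCP/UDP header, so only it has a port.
    if proto in (6, 17) and offset == 0 and len(packet) >= ihl + 4:
        dst_port = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    return {"id": ident, "fragment": more_frags or offset > 0,
            "offset": offset, "proto": proto, "dst_port": dst_port}

# Constructed samples: one whole UDP datagram and one datagram split in two.
UDP_HDR = struct.pack("!HHHH", 40000, 1026, 24, 0)   # sport, dport, length, checksum
SAMPLES = [
    build_ipv4(1, False, 0, 17, struct.pack("!HHHH", 40000, 1026, 12, 0) + b"test"),
    build_ipv4(2, True, 0, 17, UDP_HDR + b"A" * 8),    # first fragment
    build_ipv4(2, False, 16, 17, b"B" * 8),            # trailing fragment
]

def port_blind_fragments(packets):
    """Fragments a port-based rule cannot match because no L4 header is present."""
    return [r for r in map(classify_ipv4, packets)
            if r["fragment"] and r["dst_port"] is None]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify_ipv4(pkt))
```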
     