The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field.
Software | From | Fixed in |
---|---|---|
kerio / personal_firewall | 4.0.10 | 4.0.10.x |
kerio / personal_firewall | 4.0.16 | 4.0.16.x |
kerio / personal_firewall | 4.0.6 | 4.0.6.x |
kerio / personal_firewall | 4.0.7 | 4.0.7.x |
kerio / personal_firewall | 4.0.8 | 4.0.8.x |
kerio / personal_firewall | 4.0.9 | 4.0.9.x |
kerio / personal_firewall | 4.1 | 4.1.x |
kerio / personal_firewall | 4.1.1 | 4.1.1.x |