Info

Disclosure

Dec 09, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

WinRoute Firewall contains a flaw that may allow a malicious user to insert false information into the DNS cache. The issue is triggered when an unspecified error occurs. It is possible that the flaw may allow DNS poisoning resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Infrastructure
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 6.0.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Kerio Technologies, Inc.

WinRoute Firewall

6.0.8

References

Bugtraq ID: 11870
Related OSVDB ID: 12294
Secunia Advisory ID: 13374
ISS X-Force ID: 18410
CVE ID: 2004-2483 (see also: NVD)
Vendor URL: http://www.kerio.com/
Vendor Specific News/Changelog Entry: http://www.kerio.com/kwf_history.html
Keyword: KSEC-2004-12-13-01

Credit

Kerio Technologies, Inc. - Kerio Technologies, Inc.

Direct URL: http://osvdb.org/36218