 |
|
|
|
|
|
|
|
| 2004-01-27 - Security Hole in KPF 2.1.5 |
A big security hole have been found by Tuneld.com today. The affected users are those who use the Kerio Personal Firewall versions between 2.0 and 2.1.5 .
This hole gives SYSTEM privileges to any user that are logged in to the computer. With these privileges the user can do anything he/she wants on the system.
"-How do I use this hole?" ..well thats easy. Just open the KPF Administration window and then use the "Load" button (that is for loading .conf files to import rules for the firewall) and browse for the CMD.EXE file under the "c:\windows\system32\" folder. when you have started that commandprompt you will have full access to your system.
You can watch a screenshot here
------
SecurityTracker.com and SecurityFocus.com have contacted me and they have published a report.
SecurityTracker.com did a report here
SecurityFocus.com did a report here |
|
| |
|
|
| |
|
|
|
Ads
