Vulnerability Description
The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kerio | Personal Firewall | 4.0.6 |
References
- http://www.eeye.com/html/research/advisories/AD20041109.html
- http://www.kerio.com/security_advisory.htmlVendor Advisory
- http://www.securityfocus.com/bid/11639ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17992
- http://www.eeye.com/html/research/advisories/AD20041109.html
- http://www.kerio.com/security_advisory.htmlVendor Advisory
- http://www.securityfocus.com/bid/11639ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17992
FAQ
What is CVE-2004-1109?
CVE-2004-1109 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or...
How severe is CVE-2004-1109?
CVE-2004-1109 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1109?
Check the references section above for vendor advisories and patch information. Affected products include: Kerio Personal Firewall.