CVE-2005-0964 - OpenCVE

Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Kerio	Personal Firewall

Configuration 1 [-]

OR	cpe:2.3:a:kerio:personal_firewall:4.0.6:::::::*
	cpe:2.3:a:kerio:personal_firewall:4.0.7:::::::*
	cpe:2.3:a:kerio:personal_firewall:4.0.8:::::::*
	cpe:2.3:a:kerio:personal_firewall:4.0.9:::::::*
	cpe:2.3:a:kerio:personal_firewall:4.0.10:::::::*
	cpe:2.3:a:kerio:personal_firewall:4.0.16:::::::*
	cpe:2.3:a:kerio:personal_firewall:4.1:::::::*
	cpe:2.3:a:kerio:personal_firewall:4.1.1:::::::*
	cpe:2.3:a:kerio:personal_firewall:4.1.2:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/14717
http://securitytracker.com/id?1013607
http://www.kerio.com/security_advisory.html#0503
http://www.securityfocus.com/bid/12946
https://exchange.xforce.ibmcloud.com/vulnerabilities/19893

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-04-03T05:00:00

Updated: 2024-08-07T21:35:58.932Z

Reserved: 2005-04-03T00:00:00

Link: CVE-2005-0964

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-05-02T04:00:00.000

Modified: 2017-07-11T01:32:28.530

Link: CVE-2005-0964

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-03-30T00:00:00", "descriptions": [{"lang": "en", "value": "Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "12946", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/12946"}, {"name": "14717", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/14717"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kerio.com/security_advisory.html#0503"}, {"name": "kerio-firewall-rule-security-bypass(19893)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19893"}, {"name": "1013607", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1013607"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0964", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "12946", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12946"}, {"name": "14717", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14717"}, {"name": "http://www.kerio.com/security_advisory.html#0503", "refsource": "CONFIRM", "url": "http://www.kerio.com/security_advisory.html#0503"}, {"name": "kerio-firewall-rule-security-bypass(19893)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19893"}, {"name": "1013607", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013607"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T21:35:58.932Z"}, "title": "CVE Program Container", "references": [{"name": "12946", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/12946"}, {"name": "14717", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/14717"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kerio.com/security_advisory.html#0503"}, {"name": "kerio-firewall-rule-security-bypass(19893)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19893"}, {"name": "1013607", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1013607"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0964", "datePublished": "2005-04-03T05:00:00", "dateReserved": "2005-04-03T00:00:00", "dateUpdated": "2024-08-07T21:35:58.932Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "E6C66920-4A4F-4335-B052-44E1F92F585B", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.7:*:*:*:*:*:*:*", "matchCriteriaId": "658F01AE-C211-473C-BF70-E524E4310F20", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "1F769FAE-CC31-4C8B-B785-1423DFC2BA3B", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.9:*:*:*:*:*:*:*", "matchCriteriaId": "CB7202BC-AD0B-41B1-B7C1-7665498C967B", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.10:*:*:*:*:*:*:*", "matchCriteriaId": "38E60288-F9E6-4E7C-9B48-352277A34C85", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:personal_firewall:4.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "19EA5978-64EC-4B54-BC06-20324DB0E6CC", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:personal_firewall:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "C2B9D00A-6598-4BC0-B058-7598657274D8", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:personal_firewall:4.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C076C7D-D833-42CF-9FEF-F3654013AB05", "vulnerable": true}, {"criteria": "cpe:2.3:a:kerio:personal_firewall:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "9FEB6DB5-851E-4EDF-AC1C-CBA502C6D5A4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions."}], "id": "CVE-2005-0964", "lastModified": "2017-07-11T01:32:28.530", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/14717"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1013607"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.kerio.com/security_advisory.html#0503"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/12946"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19893"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}