=====================================================================
                            CERT-Renater

                 Information Note No. 2004/VULN500
_____________________________________________________________________

DATE                 : 19/11/2004

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Windows systems running Kerio Personal
                       Firewall 4.1.1 and prior.

======================================================================

http://www.kerio.com/security_advisory.html

Security Advisory

Advisory Number:   KSEC-2004-11-04-01
Date:              November 4, 2004
Severity:          Denial of Service
Name:              Malicious packet can cause 100% utilization and
                   freeze of the system.
Affected products: Kerio Personal Firewall versions 4.0.0 through 4.1.1
Fix availability:  Version 4.1.2 and higher is not vulnerable.

Description:

The bug allows an attacker to send a malicious packet that causes 100%
CPU utilization and a total freeze of the system. A hard restart is
necessary to recover from the freeze state (in most cases this means
physical access to the affected computer).

Credit: eEye Digital Security

======================================================================

=========================================================
CERT-Renater reference servers
    http://www.urec.fr/securite
    http://www.cru.fr/securite
    http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44           +
+ 151 bd de l'Hopital | fax  : 01-53-94-20-41           +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================