| VID | 18087 |
| Severity | 30 |
| Port | 25 |
| Protocol | TCP |
| Class | SMTP |
| Detailed Description | The relevant host is running a version of Kerio MailServer prior to 6.0.10. Kerio MailServer is an SMTP server with built-in antivirus and antispam functionality. Kerio MailServer versions prior to 6.0.10 are vulnerable to multiple remote denial-of-service vulnerabilities in the WebMail service. A remote attacker could exploit these vulnerabilities to cause a denial of service.
1) An error in the parsing of mails with multiple embedded ".eml" attachments may be exploited to crash the program on Linux systems.
2) An error when downloading mails for IMAP and KOC (Kerio Outlook Connector) can be exploited to cause a crash.
* Note: This check relies solely on the banner of the remote SMTP server to assess this vulnerability, so the result may be a false positive.
* References: http://www.kerio.com/kms_history.html, http://secunia.com/advisories/15360/
* Platforms Affected: Kerio Technologies, Inc.: Kerio MailServer versions prior to 6.0.10; Linux: any version; Microsoft Windows: any version |
| Recommendation | Upgrade to the latest version of Kerio MailServer (6.0.10 or later), available from the Kerio MailServer Download Web page at http://www.kerio.com/kms_download.html |
| Related URL | (CVE) |
| Related URL | 13616 (SecurityFocus) |
| Related URL | 20598,20599 (ISS) |
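
The banner-only check described in the note above can be sketched as follows. This is an added example, not the scanner's own code. The banner layout matched by the regular expression and all sample banners are constructed assumptions; the only value taken from this entry is the fixed release 6.0.10.

```python
import re

# First fixed release, as stated in the Recommendation field of this entry.
FIXED = (6, 0, 10)

# Assumed banner layout: "220 <host> Kerio MailServer <version> ESMTP ready".
_BANNER = re.compile(r"Kerio MailServer\s+(\d+(?:\.\d+)*)", re.IGNORECASE)


def parse_version(banner):
    """Return the advertised version as a tuple of ints, or None if absent."""
    match = _BANNER.search(banner)
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def classify(banner):
    """Triage a banner: 'likely-vulnerable', 'not-affected' or 'unknown'.

    The verdict is only as reliable as the banner, which an administrator
    can change or hide, hence 'likely' rather than 'vulnerable'.
    """
    version = parse_version(banner)
    if version is None:
        return "unknown"  # banner hidden or another product: verify on the host
    # Pad to equal length so "6.1" is compared as 6.1.0.
    width = max(len(version), len(FIXED))
    version += (0,) * (width - len(version))
    fixed = FIXED + (0,) * (width - len(FIXED))
    # Numeric comparison: as strings, "6.0.9" sorts after "6.0.10".
    return "likely-vulnerable" if version < fixed else "not-affected"


# Constructed sample banners (not captured from real hosts).
SAMPLES = [
    "220 mail.example.test Kerio MailServer 6.0.9 ESMTP ready",
    "220 mail.example.test Kerio MailServer 6.0.10 ESMTP ready",
    "220 mail.example.test Kerio MailServer 6.0.9 patch 1 ESMTP ready",
    "220 mail.example.test ESMTP",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):18} {sample}")
```

An "unknown" or "likely-vulnerable" result should be confirmed against the version installed on the host before the finding is closed or escalated.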