[NT] Kerio Mail Server Multiple DoS and Cross-Site Scripting Vulnerabilities

From: support@securiteam.com
Date: 08/21/02


From: support@securiteam.com
To: list@securiteam.com
Date: Wed, 21 Aug 2002 11:04:48 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Kerio Mail Server Multiple DoS and Cross-Site Scripting Vulnerabilities
------------------------------------------------------------------------

SUMMARY

Kerio Mail Server <http://www.kerio.com/us/kms_home.html> is designed as
a secure mail server accessible from anywhere. It offers the following
services: POP3, SMTP, IMAP, Secure IMAP, POP3S, Web-mail, Secure Web-mail,
Anti-virus, Mail back-up etc. The product has been found to contain
multiple DoS and cross-site scripting vulnerabilities. These
vulnerabilities allow an attacker to disable all of the mail server's
services and to cause the execution of malicious code.

DETAILS

1] Multiple DoS vulnerabilities with Kerio Mail Server services
By sending multiple SYN packets to each service of the mail server
(POP3, SMTP, IMAP, Secure IMAP, POP3S, Web-mail, Secure Web-mail), it is
possible to cause the server to stop functioning. Sending a minimum of
five SYN packets is enough to stop the service from responding (the
service resumes functioning after several minutes).

2] Cross-Site Scripting vulnerabilities
Kerio's Web-Mail contains multiple cross-site scripting vulnerabilities
that allow any user who is allowed to access the web-mail to execute
malicious code.

Affected links:
http://<webmail>/login <---------- Front page of the web mail
http://<webmail>/search
http://<webmail>/settings
http://<webmail>/new
http://<webmail>/list
http://<webmail>/logout

ADDITIONAL INFORMATION

The information has been provided by Abraham Lincoln Hao
<Abraham@nssolution.com> and SunNinja <SunNinja@nssolution.com>.

COMMENT FROM DER-KEILER.DE:
The vulnerabilities described here were fixed by Kerio Technologies Inc. on 10/22/02 with the release of Version 5.1.7.
All users who have Kerio MailServer installed should upgrade to Version 5.1.7.


