[NT] Kerio Mail Server Multiple DoS and Cross-Site Scripting Vulnerabilities

From: support@securiteam.com
Date: 08/21/02

From: support@securiteam.com
To: list@securiteam.com
Date: Wed, 21 Aug 2002 11:04:48 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Kerio Mail Server Multiple DoS and Cross-Site Scripting Vulnerabilities


 <http://www.kerio.com/us/kms_home.html> Kerio Mail server is designed as
a secure mail server accessible from anywhere. Kerio Mail server offers
the following services: POP3, SMTP, IMAP, Secure IMAP, POP3S, Web-mail,
Secure Web-mail, Anti-virus, Mail back-up etc. The product has been found
to contain multiple DoS and Cross-Site scripting vulnerabilities. These
vulnerabilities allow an attacker to disable the whole mail server
services and to cause the execution of malicious code.


1] Multiple DoS vulnerabilities with Kerio Mail Server services
By sending multiple "SYN" packet to every services of the mail server
(POP3, SMTP, IMAP, Secure IMAP, POP3S, Web-mail, Secure Web-mail) it is
possible to cause the server to stop functioning. Sending a minimum of
five SYN packets is enough to stop the service from responding (the
service will return to function after several minutes).

2] Cross-Site Scripting vulnerabilities
Kerio's Web-Mail contains multiple cross-site scripting vulnerabilities
that allow any user who is allowed to access the web-mail to execute
malicious code.

Affected links:
http:// webmail>/login <---------- Front page of the web mail
http:// webmail>/search
http:// webmail>/settings
http:// webmail>/new
http:// webmail>/list
http:// webmail>/logout


The information has been provided by <mailto:Abraham@nssolution.com>
Abraham Lincoln Hao and <mailto:SunNinja@nssolution.com> SunNinja.


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com


The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


The vulnerabilitys described here were fixed by Kerio Technologies Inc. on 10/22/02 with the Release of Version 5.1.7.
All user who have Kerio MailServer installed should upgrade to Version 5.1.7.