Kerio MailServer < 6.0.1 Embedded HTTP Server Unspecified Issue

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote mail server has an unspecified vulnerability.

Description :

The remote host is running a version of Kerio MailServer prior to
6.0.1. Kerio Mailserver is an SMTP server that ships with an
embedded HTTP server.

It has been reported that there are multiple remote overflows in
versions of Kerio prior to 6.0.1, although the exact nature of these
overflows is not yet known.

Note that Nessus determined this vulnerability exists based solely on
the version in the received banner. If the host is running obfuscated
banners, this may be a false positive.

See also :

http://securitytracker.com/alerts/2004/Aug/1010949.html

Solution :

Upgrade to Kerio MailServer 6.0.1 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.4
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Web Servers

Nessus Plugin ID: 14279 (kerio_webmail_601.nasl)

Bugtraq ID: 10936

CVE ID: