Kerio MailServer < 6.0.10 Multiple Mail Handling DoS

medium Nessus Plugin ID 18256

Synopsis

The remote mail server is vulnerable to multiple denial of service attacks.

Description

According to its banner, the remote host is running a version of Kerio MailServer prior to 6.0.10. In those versions, crashes can occur when certain email messages are downloaded over IMAP or in Outlook with the Kerio Outlook Connector (KOC) or, under Linux, when email messages with multiple embedded 'eml' attachments are parsed.

Solution

Upgrade to Kerio MailServer 6.0.10 or newer.

See Also

http://www.kerio.com/kms_history.html

Plugin Details

Severity: Medium

ID: 18256

File Name: kerio_mailserver_6010.nasl

Version: 1.15

Type: remote

Published: 5/14/2005

Updated: 8/8/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:kerio:kerio_mailserver

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/12/2005

Exploitable With

Elliot (RedHat JBoss File Disclosure)

Reference Information

BID: 13616