Kerio MailServer < 6.0.10 Multiple Mail Handling DoS

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote mail server is vulnerable to multiple denial of service
attacks.

Description :

According to its banner, the remote host is running a version of Kerio
MailServer prior to 6.0.10. In those versions, crashes can occur when
downloading certain email messages in IMAP or Outlook with Kerio
Outlook Connector (KOC) or, under Linux, when parsing email messages
with multiple embedded 'eml' attachments.

See also :

http://www.kerio.com/kms_history.html

Solution :

Upgrade to Kerio MailServer 6.0.10 or newer.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P)
CVSS Temporal Score : 3.1
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Denial of Service

Nessus Plugin ID: 18256 (kerio_mailserver_6010.nasl)

Bugtraq ID: 13616

CVE ID: