Kerio MailServer IMAP Server Crafted LOGIN Command DoS
High Nessus Plugin ID 21050
Synopsis
The remote IMAP server is prone to denial of service attacks.
Description
The remote host is running Kerio MailServer, a commercial mail server available for Windows, Linux, and Mac OS X platforms.
The installed version of Kerio MailServer terminates abnormally when it receives certain malformed IMAP LOGIN commands. An unauthenticated, remote attacker can exploit this issue to deny access to legitimate users.
Note that the application may not terminate immediately but only after an administrator acknowledges a console message.
Solution
Upgrade to Kerio MailServer 6.1.3 Patch 1 or later.