Kerio MailServer < 6.5.0 Multiple Vulnerabilities

critical Nessus Plugin ID 31119

Synopsis

The remote mail server is affected by multiple vulnerabilities.

Description

The remote host is running Kerio MailServer, a commercial mail server available for Windows, Linux, and Mac OS X platforms.

According to its banner, the installed version of Kerio MailServer is affected by several issues:

- There is a possible buffer overflow in the Visnetic antivirus plug-in.

- There is an as-yet unspecified security issue with NULL DACL in the AVG plug-in.

- Memory corruption is possible during uudecode decoding.

Solution

Upgrade to Kerio MailServer 6.5.0 or later.

See Also

http://www.kerio.com/kms_history.html

Plugin Details

Severity: Critical

ID: 31119

File Name: kerio_kms_650.nasl

Version: 1.19

Type: remote

Published: 2/20/2008

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:kerio:kerio_mailserver

Required KB Items: kerio/port

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-0858, CVE-2008-0859, CVE-2008-0860

BID: 27868

CWE: 399, 94

SECUNIA: 29021