Kerio MailServer < 6.5.0 Multiple Vulnerabilities

Critical Nessus Plugin ID 31119


The remote mail server is affected by multiple vulnerabilities.


The remote host is running Kerio MailServer, a commercial mail server available for Windows, Linux, and Mac OS X platforms.

According to its banner, the installed version of Kerio MailServer is affected by several issues:

- There is a possible buffer overflow in the Visnetic antivirus plug-in.

- There is an as-yet unspecified security issue with NULL DACL in the AVG plug-in.

- Memory corruption is possible during uudecode decoding.


Upgrade to Kerio MailServer 6.5.0 or later.

Plugin Details

Severity: Critical

ID: 31119

File Name: kerio_kms_650.nasl

Version: $Revision: 1.17 $

Type: remote

Published: 2008/02/20

Modified: 2016/11/23

Dependencies: 25991

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:kerio:kerio_mailserver

Required KB Items: kerio/port

Exploit Available: false

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-0858, CVE-2008-0859, CVE-2008-0860

BID: 27868

OSVDB: 42124, 42125, 42126

Secunia: 29021

CWE: 94, 399