Kerio MailServer < 6.0.3 Unspecified Code Execution

Critical Nessus Network Monitor Plugin ID 2340

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running a version of Kerio MailServer prior to 6.0.3.

There is an undisclosed flaw in the remote version of this server that might allow an attacker to execute arbitrary code on the remote host.

Solution

Upgrade to Kerio MailServer 6.0.3 or higher.

See Also

http://www.kerio.com/mailserver/history

http://www.kerio.com/kms_history.html

Plugin Details

Severity: Critical

ID: 2340

File Name: 2340.prm

Family: SMTP Servers

Published: 2004/10/01

Modified: 2016/01/19

Dependencies: 2004, 2005

Nessus ID: 15404

Risk Information

Risk Factor: Critical

CVSSv2

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2004-2441

BID: 11300