Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2022 Tenable Network Security, Inc.KERIO_CONNECT_810.NASL
HistoryFeb 07, 2014 - 12:00 a.m.

Kerio Connect < 8.1.0 SSL/TLS Information Disclosure (BEAST)

2014-02-0700:00:00
This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.
www.tenable.com
1150
JSON

According to its banner, the remote host is running a version of Kerio Connect (formerly known Kerio MailServer) prior to 8.1.0. It is, therefore, affected by an information disclosure vulnerability, known as BEAST, in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the way the initialization vector (IV) is selected when operating in cipher-block chaining (CBC) modes. A man-in-the-middle attacker can exploit this to obtain plaintext HTTP header data, by using a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses the HTML5 WebSocket API, the Java URLConnection API, or the Silverlight WebClient API.

TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(72393);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/05");

  script_cve_id("CVE-2011-3389");
  script_bugtraq_id(49778);
  script_xref(name:"CERT", value:"864643");
  script_xref(name:"CEA-ID", value:"CEA-2019-0547");

  script_name(english:"Kerio Connect < 8.1.0 SSL/TLS Information Disclosure (BEAST)");

  script_set_attribute(attribute:"synopsis", value:
"The remote mail server is affected by an information disclosure
vulnerability.");
  script_set_attribute(attribute:"description", value:
"According to its banner, the remote host is running a version of Kerio
Connect (formerly known Kerio MailServer) prior to 8.1.0. It is,
therefore, affected by an information disclosure vulnerability, known
as BEAST, in the SSL 3.0 and TLS 1.0 protocols due to a flaw in the
way the initialization vector (IV) is selected when operating in
cipher-block chaining (CBC) modes. A man-in-the-middle attacker can
exploit this to obtain plaintext HTTP header data, by using a
blockwise chosen-boundary attack (BCBA) on an HTTPS session, in
conjunction with JavaScript code that uses the HTML5 WebSocket API,
the Java URLConnection API, or the Silverlight WebClient API.

TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are
not affected.");
  script_set_attribute(attribute:"see_also", value:"http://www.kerio.com/connect/history/older");
  script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html");
  script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/~bodo/tls-cbc.txt");
  script_set_attribute(attribute:"solution", value:
"Upgrade to Kerio Connect 8.1.0 or later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"in_the_news", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2013/04/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/02/07");

  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:kerio:connect");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2014-2022 Tenable Network Security, Inc.");

  script_dependencies("kerio_kms_641.nasl", "kerio_mailserver_admin_port.nasl");
  script_require_keys("kerio/port");
  script_require_ports("Services/kerio_mailserver_admin", 25, 465, 587);

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");

port = get_kb_item_or_exit('kerio/port');
ver = get_kb_item_or_exit('kerio/'+port+'/version');
display_ver = get_kb_item_or_exit('kerio/'+port+'/display_version');

# Versions prior to 7 are called MailServer; versions after are called Connect
if (ver =~ '^[0-6]\\.') product = "Kerio MailServer";
else product = "Kerio Connect";

# Workaround works for 8.0.1 and later
if (ver =~ '^8\\.0\\.[12]([^0-9]|$)' && report_paranoia < 2) audit(AUDIT_LISTEN_NOT_VULN, product, port, display_ver);

fixed_version = "8.1.0";

if (ver_compare(ver:ver, fix:fixed_version, strict:FALSE) == -1)
{
  if (report_verbosity)
  {
    report =
      '\n  Product           : ' + product +
      '\n  Installed version : ' + display_ver +
      '\n  Fixed version     : ' + fixed_version +
      '\n';
    security_warning(port:port, extra:report);
  }
  else security_warning(port);
  exit(0);
}

audit(AUDIT_LISTEN_NOT_VULN, product, port, display_ver);
VendorProductVersionCPE
kerioconnectcpe:/a:kerio:connect

Related

checkpoint_advisories 2
openvas 75
nessus 44
securityvulns 11
ibm 9
fedora 26
checkpoint_security 1
cert 1
seebug 2
cve 2
ics 2
prion 1
mskb 1
veracode 2
debiancve 1
freebsd 3
debian 6
ubuntucve 1
rubygems 1
f5 2
osv 4
rapid7blog 1
gentoo 1
checkpoint_advisories
checkpoint_advisories
Web Servers SSL Flooding Denial of Service (CVE-2011-3389)
2011-11-06 00:00:00
Preemptive Protection against SSL and TLS Protocols Information Disclosure (MS12-006; CVE-2011-3389)
2012-01-10 00:00:00
openvas
openvas
Fedora Update for nspr FEDORA-2011-17399
2012-01-23 00:00:00
Fedora Update for xulrunner FEDORA-2011-17399
2012-01-23 00:00:00
Fedora Update for perl-Gtk2-MozEmbed FEDORA-2011-17399
2012-01-23 00:00:00
nessus
nessus
Solaris 10 (x86) : 125359-15 (BEAST)
2018-03-12 00:00:00
Fedora 15 : firefox-9.0.1-1.fc15 / gnome-python2-extras-2.25.3-35.fc15.4 / nspr-4.8.9-2.fc15 / etc (2011-17399)
2012-01-23 00:00:00
FreeBSD : fetchmail -- chosen plaintext attack against SSL CBC initialization vectors (18ce9a90-f269-11e1-be53-080027ef73ec) (BEAST)
2012-08-30 00:00:00
securityvulns
securityvulns
ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST &#40;Browser Exploit Against SSL/TLS&#41; attacks
2014-05-05 00:00:00
ESA-2012-032: RSA BSAFE&#40;r&#41; Micro Edition Suite Security Update for BEAST &#40;Browser Exploit Against SSL/TLS&#41; attacks
2012-10-29 00:00:00
lighthttpd security vulnerabilities
2012-01-02 00:00:00
ibm
ibm
Security Bulletin: BEAST security vulnerability in IBM Tivoli Netcool Performance Manager for Wireline( CVE-2011-3389)
2020-08-25 12:33:00
Security Bulletin: Vulnerability in Transport Layer Security Protocol Used in IBM System Networking Ethernet Switches (CVE-2011-3389)
2023-04-14 14:32:25
Security Bulletin: Vulnerabilities in SSL and TLS protocols affect the IBM FlashSystem V840 (CVE-2011-3389)
2018-06-18 00:09:28
fedora
fedora
[SECURITY] Fedora 16 Update: nss-3.13.1-9.fc16
2011-12-23 03:31:27
[SECURITY] Fedora 15 Update: thunderbird-lightning-1.1-0.1.rc1.fc15
2012-01-22 05:26:28
[SECURITY] Fedora 15 Update: nss-util-3.13.1-3.fc15
2012-01-22 05:26:28
checkpoint_security
checkpoint_security
Check Point response to CVE-2011-3389 aka BEAST attack
2012-10-15 22:00:00
cert
cert
SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes
2011-09-27 00:00:00
seebug
seebug
Microsoft Windows SSL/TLS信息泄露漏洞
2011-09-29 00:00:00
Apple XCode 4.x 信息泄露漏洞
2012-07-27 00:00:00
cve
cve
CVE-2011-3389
2011-09-06 19:55:00
CVE-2004-2770
2011-09-25 10:55:00
ics
ics
Siemens Ruggedcom WIN Products BEAST Attack Vulnerability
2018-09-06 12:00:00
Siemens SIMATIC RF6XXR
2019-07-11 12:00:00
prion
prion
Session fixation
2011-09-06 19:55:00
mskb
mskb
MS12-006: Vulnerability in SSL/TLS could allow information disclosure: January 10, 2012
2012-01-10 00:00:00
veracode
veracode
Man-in-the-Middle (MitM)
2019-05-02 04:55:58
Blockwise Chosen-boundary Attacks
2017-04-27 06:38:37
debiancve
debiancve
CVE-2011-3389
2011-09-06 19:55:00
freebsd
freebsd
fetchmail -- chosen plaintext attack against SSL CBC initialization vectors
2012-01-19 00:00:00
asterisk -- Multiple vulnerabilities
2016-02-03 00:00:00
opera -- multiple vulnerabilities
2011-12-06 00:00:00
debian
debian
[SECURITY] [DSA 2398-2] curl regression
2012-03-31 19:38:57
[SECURITY] [DSA 2368-1] lighttpd security update
2011-12-21 00:24:51
[SECURITY] [DSA 2381-] lighttpd security update
2011-12-21 00:02:46
ubuntucve
ubuntucve
CVE-2011-3389
2011-11-16 00:00:00
rubygems
rubygems
CVE-2011-3389 HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
2011-08-31 00:00:00
f5
f5
SOL13400 - SSL 3.0/TLS 1.0 BEAST vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870
2012-03-06 00:00:00
K13400 : SSL 3.0/TLS 1.0 vulnerability CVE-2011-3389 and TLS protocol vulnerability CVE-2012-1870
2015-06-16 00:00:00
osv
osv
curl - several
2012-03-31 00:00:00
nss - security update
2015-02-16 00:00:00
lighttpd - several
2011-12-20 00:00:00
rapid7blog
rapid7blog
New Rapid7 MDR Essentials Capability Sees What Attackers See: “It’s Eye-Opening”
2021-09-01 13:11:33
gentoo
gentoo
cURL: Multiple vulnerabilities
2012-03-06 00:00:00
JSON
Related for KERIO_CONNECT_810.NASL
checkpoint_advisories2openvas75nessus44securityvulns11ibm9fedora26checkpoint_security1cert1seebug2cve2ics2prion1mskb1veracode2debiancve1freebsd3debian6ubuntucve1rubygems1f52osv4rapid7blog1gentoo1