Kerio Mail Server Multiple Security Vulnerabilities

2002-08-20T00:00:00
ID SECURITYVULNS:DOC:3388
Type securityvulns
Reporter Securityvulns
Modified 2002-08-20T00:00:00

Description

Good Day. The information below is the same as the security advisory regarding kerio mail server. Thank YOU!

==================CUT======================= NSSI-Research Labs Security Advisory

http://www.nssolution.com

"Maximum e-security"

http://nssilabs.nssolution.com

Kerio Mail Server 5.0 Multiple DOS and Cross-site scripting Vulnerabilities

Author: Abraham Lincoln Hao / SunNinja

e-Mail: Abraham@nssolution.com / SunNinja@nssolution.com

Advisory code: nssilabs-keriosecvuln

Platform: Windows NT / 2000 / XP

Vendor Status: No Response for 1 1/2 weeks after the notice.

Vendors website: http://www.kerio.com

Severity: High

Overview

Kerio Mail Server 5.x  is designed as a “secure mail server

accessible from anywhere” . that offers the following features; POP3, SMTP, IMAP, Secure IMAP, POP3S, Web-mail, Secure Web-mail, Anti-virus, Mail back-up etc.. This is based on their web-site wink

Kerio Mail Server for windows platform contains a multiple DOS and Cross-Site scripting scripting vulnerabilities in All mail services and Web mail module of the mail server This vulnerabilities could allow an attacker to disable the whole mail server services and allow malicious script to execute.

1] Multiple DOS vulnerabilities with Kerio Mail Server services

- By sending multiple "SYN" packet to every services of the mail

server (POP3, SMTP, IMAP, Secure IMAP, POP3S, Web-mail, Secure Web-mail) it would stop the mail server services from responding. Sending minimum of 5 syn packet is enough to stop the service from responding and the service will be up again after several mins. This vulnerability consumes all resources of the system that forces the service to stop responding.

2] Cross-Site Scripting vulnerabilities

- Kerio's Web-Mail contains a Multiple Cross-site scripting

vulnerabilities that could allow any user who's allowed to access the web-mail to execute Malicious scripts. Even Secure Web-mail is affected by this vulnerability.

Affected links:

http://<kerio webmail>/login <---------- Frontpage of the webmail

http://<kerio webmail>/search

http://<kerio webmail>/settings

http://<kerio webmail>/new

http://<kerio webmail>/list

http://<kerio webmail>/logout

Workaround:

1] Filter All Services and only allow trusted source inside the network ;] (Disable all services outside the network nodz)

2] Cross-site scripting vulnerability workaround

      - Filter Port 80 and HTTPS and only allow those ports to be

access locally to minimize the threat or use a Application-based Firewall to filter malicious scripting execution.

Any Questions? Suggestions? or Comments? let us know

e-mail: nssilabs@nssolution.com / SunNinja@nssolution.com / support@nssolution.com

================================Cut=============================================== thanks.

Regards, -Abraham- NSSI Technologies Inc. http://nssilabs.nssolution.com --


Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup