Detections
Analytics

Kerio MailServer Webmail Malformed Email Handling Resource Exhaustion DoS

high Nessus Plugin ID 18058

Language:

Synopsis

The remote mail server is prone to a denial of service attack.

Description

According to its banner, the remote host is running a version of Kerio MailServer prior to 6.0.9. Such versions may be subject to hangs or high CPU usage when malformed email messages are viewed through its WebMail component. An attacker may be able leverage this issue to deny service to legitimate users simply by sending a specially crafted message and having that message viewed by someone using Kerio WebMail.

Solution

Upgrade to Kerio MailServer 6.0.9 or newer.

See Also

http://www.kerio.com/kms_history.html

Plugin Details

Severity: High

ID: 18058

File Name: kerio_webmail_609.nasl

Version: 1.13

Type: remote

Published: 4/15/2005

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/a:kerio:kerio_mailserver

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 4/13/2005

Reference Information

CVE: CVE-2005-1138

BID: 13180