Kerio MailServer < 6.0.9 Malformed Email DoS

Medium severity, Nessus Network Monitor Plugin ID 2834

Synopsis

The remote host is vulnerable to a buffer overflow.

Description

The remote host is running a version of Kerio MailServer prior to 6.0.9. An undisclosed flaw in this version might allow an attacker to exhaust resources on the Kerio MailServer, impacting its availability.

Solution

Upgrade to Kerio MailServer 6.0.9 or higher.

Plugin Details

Severity: Medium

ID: 2834

Family: SMTP Servers

Published: 4/18/2005

Updated: 3/6/2019

Nessus ID: 18058

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:kerio:kerio_mailserver

Reference Information

CVE: CVE-2005-1138

BID: 13180