Kerio Mail Server Multiple Security Vulnerabilities

From: Abraham Lincoln (sunninjaat_private)
Date: Mon Aug 19 2002 - 10:07:40 PDT

Next message: Jeroen Latour: "[Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis"

Previous message: Charles Miller: "Re: IE SSL Vulnerability"
Next in thread: Jaroslav Snajdr: "Re: Kerio Mail Server Multiple Security Vulnerabilities"
Reply: Jaroslav Snajdr: "Re: Kerio Mail Server Multiple Security Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Good Day. The information below is the same as the security advisory regarding kerio mail server. Thank YOU!

==================CUT=======================
NSSI-Research Labs Security Advisory

http://www.nssolution.com 

"Maximum e-security" 

http://nssilabs.nssolution.com

Kerio Mail Server 5.0 Multiple DOS and Cross-site scripting
Vulnerabilities

Author: Abraham Lincoln Hao / SunNinja 

e-Mail: Abrahamat_private / SunNinjaat_private

Advisory code: nssilabs-keriosecvuln 

Platform: Windows NT / 2000 / XP

Vendor Status: No Response for 1 1/2 weeks after the notice.

Vendors website: http://www.kerio.com 

Severity: High

Overview

    Kerio Mail Server 5.x  is designed as a “secure mail server
accessible from anywhere” . that offers the following features; POP3,
SMTP, IMAP, Secure IMAP, POP3S, Web-mail, Secure Web-mail,
Anti-virus, Mail back-up etc.. This is based on their web-site *wink*  

Kerio Mail Server for windows platform contains a multiple DOS and
Cross-Site scripting scripting vulnerabilities in All mail services
and Web mail module of the mail server This vulnerabilities could
allow an attacker to disable the whole	mail server services and
allow malicious script to execute.

1] Multiple DOS vulnerabilities with Kerio Mail Server services

    - By sending multiple "SYN" packet to every services of the mail
server (POP3, SMTP, IMAP, Secure IMAP, POP3S, Web-mail, Secure
Web-mail) it would stop the mail server  services from responding.
Sending minimum of 5 syn packet is enough to stop the service from
responding and the service will be up again after several mins. This
vulnerability consumes all resources of the system that forces the
service to stop responding.

2] Cross-Site Scripting vulnerabilities

    - Kerio's Web-Mail contains a Multiple Cross-site scripting
vulnerabilities that could allow any user who's allowed to access the
web-mail to execute Malicious scripts. Even Secure Web-mail is
affected by this vulnerability.

Affected links:

http:// webmail>/login   <---------- Frontpage of the webmail

http:// webmail>/search

http:// webmail>/settings

http:// webmail>/new

http:// webmail>/list

http:// webmail>/logout

Workaround:

1] Filter All Services and only allow trusted source inside the
network ;] (Disable all services outside the network *nodz*)

2] Cross-site scripting vulnerability workaround

	  - Filter Port 80 and HTTPS and only allow those ports to be
access locally to minimize the threat or  use a Application-based
Firewall to filter malicious scripting execution.

Any Questions? Suggestions? or Comments? let us know

e-mail: nssilabsat_private / SunNinjaat_private /
supportat_private




================================Cut===============================================
 thanks.

Regards,
-Abraham-
NSSI Technologies Inc.
http://nssilabs.nssolution.com
-- 
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup

Next message: Jeroen Latour: "[Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis"
Previous message: Charles Miller: "Re: IE SSL Vulnerability"
Next in thread: Jaroslav Snajdr: "Re: Kerio Mail Server Multiple Security Vulnerabilities"
Reply: Jaroslav Snajdr: "Re: Kerio Mail Server Multiple Security Vulnerabilities"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Aug 19 2002 - 15:05:37 PDT