VUPEN Security - Kerio MailServer Multiple Denial of Service Vulnerabilities / Exploit (Security Advisories)

	Contact \| Site en Français

VUPEN VNS v4.0

Features and Options

Free 14-Day Trial

Partner Program

Receive More Information

Latest Intelligence

VUPEN Security Advisories

Virus and Malware Alerts

VUPEN Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Kerio MailServer Multiple Denial of Service Vulnerabilities

Title : Kerio MailServer Multiple Denial of Service Vulnerabilities
VUPEN ID : VUPEN/ADV-2005-0541
CVE ID : GENERIC-MAP-NOMATCH
CWE ID : VUPEN VNS Only

CVSS V2 : VUPEN VNS Only

Rated as : Moderate Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-05-13

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Multiple vulnerabilities were identified in Kerio MailServer, which may be exploited by attackers to cause a denial of service. The first flaw is due to an unspecified error that occurs when downloading certain e-mail in IMAP or Outlook with KOC (Kerio Outlook Connector), which may cause the application to crash. The second vulnerability occurs when parsing e-mail with multiple embedded ".eml" attachments, which may be exploited to crash a vulnerable application. The third issue is due to an unspecified error that occurs when viewing certain recurrent calendar events, which may be exploited to consume high CPU resources on a vulnerable system.

Affected Products

Kerio MailServer version 6.0.9 and prior

Solution

Upgrade to Kerio MailServer version 6.0.10 :
http://www.kerio.com/kms_download.html

References

http://www.vupen.com/english/advisories/2005/0541

Credits

Vulnerability reported by the vendor

ChangeLog

2005-05-13 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts with CVE, CWE, and CVSS when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

VUPEN Vulnerability
Notification Service

Latest Advisories

>> 2010-03-22

IBM HTTP Server Security Update Fixes Multiple Vulnerabilities

>> 2010-03-22

Fedora Security Update Fixes Libpng Denial of Service Vulnerability

>> 2010-03-22

Fedora Security Update Fixes dpkg Directory Traversal Vulnerability

>> 2010-03-22

Fedora Security Update Fixes Cpio Buffer Overflow Vulnerability

>> 2010-03-22

Fedora Security Update Fixes Smalltalk Libtool Untrusted Path Issue

More Informations