Kerio MailServer WebMail Remote Resource Exhaustion Vulnerability
BID:13180
Info
Kerio MailServer WebMail Remote Resource Exhaustion Vulnerability
| Bugtraq ID: | 13180 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 14 2005 12:00AM |
| Updated: | Apr 14 2005 12:00AM |
| Credit: | This vulnerability was announced by the vendor. |
| Vulnerable: |
Kerio Mailserver 6.0.5 Kerio Mailserver 6.0.4 Kerio Mailserver 6.0.3 Kerio Mailserver 6.0.2 Kerio Mailserver 6.0.1 Kerio Mailserver 6.0 Kerio Mailserver 5.7.10 Kerio Mailserver 5.7.9 Kerio Mailserver 5.7.8 Kerio Mailserver 5.7.7 Kerio Mailserver 5.7.6 Kerio Mailserver 5.7.5 Kerio Mailserver 5.7.4 Kerio Mailserver 5.7.3 Kerio Mailserver 5.7.2 Kerio Mailserver 5.7.1 Kerio Mailserver 5.7 .0 Kerio Mailserver 5.6.5 Kerio Mailserver 5.6.4 Kerio Mailserver 5.6.3 Kerio Mailserver 5.1.1 Kerio Mailserver 5.1 Kerio Mailserver 5.0 |
| Not Vulnerable: |
Kerio Mailserver 6.0.9 |
Discussion
Kerio MailServer WebMail Remote Resource Exhaustion Vulnerability
Kerio MailServer is prone to a remote resource exhaustion vulnerability in the WebMail service. This issue is due to a failure of the application to properly handle exceptional conditions.
A remote attacker may leverage this issue to cause the affected application to hang, possibly denying service to legitimate users.
The vendor has addressed this issue in Kerio MailServer 6.0.9; earlier versions are reported vulnerable.
Kerio MailServer is prone to a remote resource exhaustion vulnerability in the WebMail service. This issue is due to a failure of the application to properly handle exceptional conditions.
A remote attacker may leverage this issue to cause the affected application to hang, possibly denying service to legitimate users.
The vendor has addressed this issue in Kerio MailServer 6.0.9; earlier versions are reported vulnerable.
Exploit / POC
Kerio MailServer WebMail Remote Resource Exhaustion Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
Kerio MailServer WebMail Remote Resource Exhaustion Vulnerability
Solution:
The vendor has addressed this issue in Kerio MailServer 6.0.9.
Kerio Mailserver 5.0
Kerio Mailserver 5.1
Kerio Mailserver 5.1.1
Kerio Mailserver 5.6.3
Kerio Mailserver 5.6.4
Kerio Mailserver 5.6.5
Kerio Mailserver 5.7 .0
Kerio Mailserver 5.7.1
Kerio Mailserver 5.7.10
Kerio Mailserver 5.7.2
Kerio Mailserver 5.7.3
Kerio Mailserver 5.7.4
Kerio Mailserver 5.7.5
Kerio Mailserver 5.7.6
Kerio Mailserver 5.7.7
Kerio Mailserver 5.7.8
Kerio Mailserver 5.7.9
Kerio Mailserver 6.0
Kerio Mailserver 6.0.1
Kerio Mailserver 6.0.2
Kerio Mailserver 6.0.3
Kerio Mailserver 6.0.4
Kerio Mailserver 6.0.5
Solution:
The vendor has addressed this issue in Kerio MailServer 6.0.9.
Kerio Mailserver 5.0
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 5.1
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 5.1.1
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 5.6.3
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 5.6.4
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 5.6.5
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 5.7 .0
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 5.7.1
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 5.7.10
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 5.7.2
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 5.7.3
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 5.7.4
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 5.7.5
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 5.7.6
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 5.7.7
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 5.7.8
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 5.7.9
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 6.0
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 6.0.1
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 6.0.2
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 6.0.3
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 6.0.4
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
Kerio Mailserver 6.0.5
-
Kerio Kerio MailServer 6.0.9
http://www.kerio.com/kms_download.html
References
Kerio MailServer WebMail Remote Resource Exhaustion Vulnerability
References:
References:
- Kerio Homepage (Kerio)
- Kerio MailServer History (Kerio)