Kerio Administration Port Denial of Service Vulnerability
BID:13458
Info
| Bugtraq ID: | 13458 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2005-1063 |
| Remote: | Yes |
| Local: | No |
| Published: | May 02 2005 12:00AM |
| Updated: | Jul 12 2009 02:06PM |
| Credit: | Javier Munoz (Secure Computer Group) is credited with the discovery of this vulnerability. |
| Vulnerable: | Kerio WinRoute Firewall 6.0.9, Kerio WinRoute Firewall 6.0.8, Kerio WinRoute Firewall 6.0.7, Kerio WinRoute Firewall 6.0.6, Kerio WinRoute Firewall 6.0.5, Kerio WinRoute Firewall 6.0.4, Kerio WinRoute Firewall 6.0.3, Kerio WinRoute Firewall 6.0.2, Kerio WinRoute Firewall 6.0.1, Kerio WinRoute Firewall 6.0, Kerio Personal Firewall 4.1.2, Kerio Personal Firewall 4.1.1, Kerio Personal Firewall 4.1, Kerio Personal Firewall 4.0.16, Kerio Personal Firewall 4.0.10, Kerio Personal Firewall 4.0.9, Kerio Personal Firewall 4.0.8, Kerio Personal Firewall 4.0.7, Kerio Personal Firewall 4.0.6, Kerio Mailserver 6.0.5, Kerio Mailserver 6.0.4, Kerio Mailserver 6.0.3, Kerio Mailserver 6.0.2, Kerio Mailserver 6.0.1, Kerio Mailserver 6.0 |
| Not Vulnerable: | Kerio WinRoute Firewall 6.0.11, Kerio Personal Firewall 4.1.3, Kerio Mailserver 6.0.9 |
Discussion
Various Kerio products are prone to a denial of service vulnerability affecting the administration port.
The issue is due to a failure of the application to properly handle exceptional conditions when processing specifically malformed data.
A remote attacker may leverage this issue, without requiring
authentication, to exhaust resources on an affected computer, effectively
denying service for legitimate users.
The vendor has addressed this issue in Kerio MailServer 6.0.9, Kerio
WinRoute Firewall 6.0.11, and Kerio Personal Firewall 4.1.3; earlier
versions of these products are reported vulnerable.
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
The vendor has addressed these issues in the following releases:
- Kerio Personal Firewall 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.16, 4.1, 4.1.1, 4.1.2: fixed in Kerio Personal Firewall 4.1.3 (http://www.kerio.com/kpf_download.html)
- Kerio Mailserver 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5: fixed in Kerio MailServer 6.0.9 (http://www.kerio.com/kms_download.html)
- Kerio WinRoute Firewall 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 6.0.7, 6.0.8, 6.0.9: fixed in Kerio WinRoute Firewall 6.0.11 (http://www.kerio.com/kwf_download.html)
References
- Administration protocol abuse leads to Service and System Denial of Service (Secure Computer Group)
- Kerio Homepage (Kerio)
- Kerio Personal Firewall Home Page (Kerio)
- WinRoute Firewall Product Page (Kerio)