Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
From: Abraham Lincoln (sunninja_at_scientist.com)
Date: Mon Aug 19 2002 - 12:07:40 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

        Good Day. The information below is the same as the security advisory regarding kerio mail server. Thank YOU!

    NSSI-Research Labs Security Advisory


    "Maximum e-security"


    Kerio Mail Server 5.0 Multiple DOS and Cross-site scripting

    Author: Abraham Lincoln Hao / SunNinja

    e-Mail: Abrahamnssolution.com / SunNinjanssolution.com

    Advisory code: nssilabs-keriosecvuln

    Platform: Windows NT / 2000 / XP

    Vendor Status: No Response for 1 1/2 weeks after the notice.

    Vendors website: http://www.kerio.com

    Severity: High


        Kerio Mail Server 5.x is designed as a “secure mail server
    accessible from anywhere” . that offers the following features; POP3,
    SMTP, IMAP, Secure IMAP, POP3S, Web-mail, Secure Web-mail,
    Anti-virus, Mail back-up etc.. This is based on their web-site *wink*

    Kerio Mail Server for windows platform contains a multiple DOS and
    Cross-Site scripting scripting vulnerabilities in All mail services
    and Web mail module of the mail server This vulnerabilities could
    allow an attacker to disable the whole mail server services and
    allow malicious script to execute.

    1] Multiple DOS vulnerabilities with Kerio Mail Server services

        - By sending multiple "SYN" packet to every services of the mail
    server (POP3, SMTP, IMAP, Secure IMAP, POP3S, Web-mail, Secure
    Web-mail) it would stop the mail server services from responding.
    Sending minimum of 5 syn packet is enough to stop the service from
    responding and the service will be up again after several mins. This
    vulnerability consumes all resources of the system that forces the
    service to stop responding.

    2] Cross-Site Scripting vulnerabilities

        - Kerio's Web-Mail contains a Multiple Cross-site scripting
    vulnerabilities that could allow any user who's allowed to access the
    web-mail to execute Malicious scripts. Even Secure Web-mail is
    affected by this vulnerability.

    Affected links:

    http:// webmail>/login <---------- Frontpage of the webmail

    http:// webmail>/search

    http:// webmail>/settings

    http:// webmail>/new

    http:// webmail>/list

    http:// webmail>/logout


    1] Filter All Services and only allow trusted source inside the
    network ;] (Disable all services outside the network *nodz*)

    2] Cross-site scripting vulnerability workaround

              - Filter Port 80 and HTTPS and only allow those ports to be
    access locally to minimize the threat or use a Application-based
    Firewall to filter malicious scripting execution.

    Any Questions? Suggestions? or Comments? let us know

    e-mail: nssilabsnssolution.com / SunNinjanssolution.com /


    NSSI Technologies Inc.

    Sign-up for your own FREE Personalized E-mail at Mail.com