ISS X-Force Database: kerio-administration-port-dos(20337): Kerio MailServer, Personal, and WinRoute Firewall administration port denial of service

Kerio MailServer, Personal, and WinRoute Firewall administration port denial of service

kerio-administration-port-dos (20337)

Low Risk

Description:

Kerio MailServer, Kerio Personal Firewall, and Kerio WinRoute Firewall are vulnerable to a denial of service attack. A remote attacker, with access to the administration ports, 44333, 44334, and 44337 could send specially-crafted data to exceed the amount of connections allowed, resulting in a denial of service.

Platforms Affected:

Kerio, Kerio MailServer 6.0.8 and prior
Kerio, Kerio Personal Firewall (KPF) 4.1.2 and prior
Kerio, Kerio WinRoute Firewall 6.0.10 and prior

Remedy:

For Kerio MailServer:
Upgrade to the latest version of Kerio MailServer (6.0.9 or later), available from the Kerio MailServer Download Web page. See References.

For Kerio Personal Firewall:
Upgrade to the latest version of Kerio Personal Firewall (4.1.3 or later), available from the Kerio Personal Firewall Download Web page. See References.

For Kerio WinRoute Firewall:
Upgrade to the latest version of Kerio WinRoute Firewall (6.0.11 or later), available from the Kerio WinRoute Firewall Download Web page. See References.

Consequences:

Denial of Service

References:

Kerio MailServer Download Web page, Download at http://www.kerio.com/kms_download.html.
Kerio MailServer Download Web page, Download at http://www.kerio.com/kms_download.html.
Kerio Personal Firewall Download Web page, Kerio Personal Firewall at http://www.kerio.com/kpf_download.html.
Kerio WinRoute Firewall Download Web page, Download at http://www.kerio.com/kwf_download.html.
Secure Computer Group #20050429-2, Administration protocol abuse leads to Administration protocol abuse leads to at http://research.tic.udc.es/scg/advisories/20050429-2.txt.
BID-13458: Kerio Administration Port Denial of Service Vulnerability
CVE-2005-1063: The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to compute unexpected conditions and perform cryptographic operations.

Reported:

Apr 29, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page