Test ID: | 1.3.6.1.4.1.25623.1.0.11763 |
Category: | Gain a shell remotely |
Title: | Kerio WebMail v5 multiple flaws |
Summary: | NOSUMMARY |
Description: | The remote host is running version 5 of the Kerio MailServer. There are multiple flaws in this interface which may allow an attacker with a valid webmail account on this host to obtain a shell on this host or to perform a cross-site-scripting attack against this host, in versions prior to 5.6.4. Versions of MailServer prior to 5.6.5 are also prone to a denial of service condition when an incorrect login to the admin console occurs. This could cause the server to crash. Versions of MailServer prior to 5.7.7 are prone to a remotely exploitable buffer overrun condition. This vulnerability exists in the spam filter component. If successfully exploited, this could permit remote attackers to execute arbitrary code in the context of the MailServer software. This could also cause a denial of service in the server.
*** This might be a false positive, as Nessus did not have
*** the proper credentials to determine if the remote Kerio
*** is affected by this flaw.
Solution: Upgrade to Kerio MailServer 5.7.7 or newer
Risk factor: High |
Cross-reference: |
BugTraq ID: 5507
BugTraq ID: 7966
BugTraq ID: 7967
BugTraq ID: 7968
BugTraq ID: 8230
BugTraq ID: 9975
Common Vulnerability Exposure (CVE) ID: CVE-2002-1434
http://www.securityfocus.com/bid/5507
Bugtraq: 20020819 Kerio Mail Server Multiple Security Vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2002-08/0183.html
http://www.iss.net/security_center/static/9905.php
Common Vulnerability Exposure (CVE) ID: CVE-2003-0487
http://www.securityfocus.com/bid/7967
Bugtraq: 20030618 Multiple buffer overflows and XSS in Kerio MailServer
http://marc.info/?l=bugtraq&m=105596982503760&w=2
http://nautopia.org/vulnerabilidades/kerio_mailserver.htm
XForce ISS Database: kerio-multiple-modules-bo(12368)
https://exchange.xforce.ibmcloud.com/vulnerabilities/12368
Common Vulnerability Exposure (CVE) ID: CVE-2003-0488
http://www.securityfocus.com/bid/7966
http://www.securityfocus.com/bid/7968
XForce ISS Database: kerio-multiple-modules-xss(12367)
https://exchange.xforce.ibmcloud.com/vulnerabilities/12367 |
Copyright | This script is Copyright (C) 2003 Tenable Network Security & Copyright (C) 2004 David Maciejak |