Vulnerabilities > CVE-2003-0487 - Unspecified vulnerability in Kerio Mailserver 5.6.3
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a long showuser parameter in the do_subscribe module, (2) a long folder parameter in the add_acl module, (3) a long folder parameter in the list module, and (4) a long user parameter in the do_map module.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description Kerio Mailserver 5.6.3 list Module Overflow. CVE-2003-0487. Dos exploit for linux platform id EDB-ID:22802 last seen 2016-02-02 modified 2003-06-18 published 2003-06-18 reporter David F.Madrid source https://www.exploit-db.com/download/22802/ title Kerio Mailserver 5.6.3 list Module Overflow description Kerio Mailserver 5.6.3 subscribe Module Overflow. CVE-2003-0487. Dos exploit for linux platform id EDB-ID:22800 last seen 2016-02-02 modified 2003-06-18 published 2003-06-18 reporter David F.Madrid source https://www.exploit-db.com/download/22800/ title Kerio Mailserver 5.6.3 subscribe Module Overflow description Kerio Mailserver 5.6.3 add_acl Module Overflow. CVE-2003-0487. Dos exploit for linux platform id EDB-ID:22801 last seen 2016-02-02 modified 2003-06-18 published 2003-06-18 reporter David F.Madrid source https://www.exploit-db.com/download/22801/ title Kerio Mailserver 5.6.3 add_acl Module Overflow description Kerio Mailserver 5.6.3 do_map Module Overflow. CVE-2003-0487 . Dos exploit for linux platform id EDB-ID:22803 last seen 2016-02-02 modified 2003-06-18 published 2003-06-18 reporter David F.Madrid source https://www.exploit-db.com/download/22803/ title Kerio Mailserver 5.6.3 do_map Module Overflow description Kerio MailServer 5.6.3 Remote Buffer Overflow Exploit. CVE-2003-0487. Remote exploit for linux platform id EDB-ID:46 last seen 2016-01-31 modified 2003-06-27 published 2003-06-27 reporter B-r00t source https://www.exploit-db.com/download/46/ title Kerio MailServer 5.6.3 - Remote Buffer Overflow Exploit
Nessus
NASL family | CGI abuses |
NASL id | KERIO_WEBMAIL_MULTIPLE_FLAWS.NASL |
description | The remote host is running version 5 of the Kerio MailServer. There are multiple flaws in this interface that could allow an attacker with a valid webmail account on this host to obtain a shell on this host or to perform a cross-site-scripting attack against this host with a version prior to 5.6.4. Versions of MailServer prior to 5.6.5 are also prone to a denial of service condition when an incorrect login to the admin console occurs. This could cause the server to crash. Versions of MailServer prior to 5.7.7 are prone to a remotely exploitable buffer overrun condition. This vulnerability exists in the spam filter component. If successfully exploited, this could permit remote attackers to execute arbitrary code in the context of the MailServer software. This could also cause a denial of service in the server. *** This might be a false positive, as Nessus did not have *** the proper credentials to determine if the remote Kerio *** is affected by this flaw. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11763 |
published | 2003-06-18 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11763 |
title | Kerio WebMail < 5.7.7 Multiple Vulnerabilities |
code |
|
References
- http://marc.info/?l=bugtraq&m=105596982503760&w=2
- http://marc.info/?l=bugtraq&m=105596982503760&w=2
- http://nautopia.org/vulnerabilidades/kerio_mailserver.htm
- http://nautopia.org/vulnerabilidades/kerio_mailserver.htm
- http://www.securityfocus.com/bid/7967
- http://www.securityfocus.com/bid/7967
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12368
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12368