Vulnerabilities > CVE-2005-1138 - Unspecified vulnerability in Kerio Mailserver

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
kerio
nessus

Summary

Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 allows remote attackers to cause a denial of service (CPU consumption) via certain e-mail messages.

Nessus

NASL family: Denial of Service
NASL id: KERIO_WEBMAIL_609.NASL
description: According to its banner, the remote host is running a version of Kerio MailServer prior to 6.0.9. Such versions may be subject to hangs or high CPU usage when malformed email messages are viewed through its WebMail component. An attacker may be able to leverage this issue to deny service to legitimate users simply by sending a specially crafted message and having that message viewed by someone using Kerio WebMail.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 18058
published: 2005-04-15
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/18058
title: Kerio MailServer Webmail Malformed Email Handling Resource Exhaustion DoS
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Registration pass: when the scanner loads the plugin with `description` set,
# only the metadata below is recorded and the script exits before any check.
if (description)
{
  # Plugin identity and external references.
  script_id(18058);
  script_version("1.13");
  script_cve_id("CVE-2005-1138");
  script_bugtraq_id(13180);
  script_name(english:"Kerio MailServer Webmail Malformed Email Handling Resource Exhaustion DoS");

  # Text shown in the finding. Multi-line values keep their line breaks, so the
  # continuation lines deliberately start at column 0.
  script_set_attribute(
    attribute:"synopsis",
    value:"The remote mail server is prone to a denial of service attack."
  );
  script_set_attribute(
    attribute:"description",
    value:
"According to its banner, the remote host is running a version of Kerio
MailServer prior to 6.0.9.  Such versions may be subject to hangs or
high CPU usage when malformed email messages are viewed through its
WebMail component.  An attacker may be able leverage this issue to deny
service to legitimate users simply by sending a specially crafted
message and having that message viewed by someone using Kerio WebMail."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.kerio.com/kms_history.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade to Kerio MailServer 6.0.9 or newer."
  );

  # Scoring: CVSS v2, network-reachable, medium complexity, no authentication,
  # availability impact only (complete); temporal vector records an official fix.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  # Dates, plugin type and affected-product CPE.
  script_set_attribute(attribute:"plugin_publication_date", value: "2005/04/15");
  script_set_attribute(attribute:"vuln_publication_date", value: "2005/04/13");
  script_cvs_date("Date: 2018/07/12 19:01:15");
  script_set_attribute(attribute:"plugin_type", value:"remote");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:kerio:kerio_mailserver");
  script_end_attributes();

  # Scheduling: category, family, and the detection plugins and ports this
  # check depends on.
  script_summary(english:"Checks for Kerio MailServer < 6.0.9");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Denial of Service");
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_dependencies("smtpserver_detect.nasl", "http_version.nasl");
  script_require_ports("Services/smtp", 25, "Services/www", 80);

  # Metadata only; the banner checks further down must not run in this pass.
  exit(0);
}

include("global_settings.inc");
include("smtp_func.inc");
include("misc_func.inc");
include("http.inc");


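# First check: look for a vulnerable version in the HTTP Server header of every
# port the knowledge base lists as a web service.
#
# Detection relies solely on the version string in the banner, so a suppressed
# or altered banner produces no finding here, and a finding should be confirmed
# against the installed version.
# NOTE(review): unlike the SMTP check, which also adds port 25, port 80 is not
# added to this list even though the script registers it as a required port --
# confirm whether that is intended.
ports_l = get_kb_list("Services/www");
foreach port (ports_l)
{
  banner = get_http_banner(port:port);
  # Flagged versions: anything whose version starts with a digit 0-5, or
  # 6.0.0 through 6.0.8. The trailing ([^0-9]|$) requires the third component
  # to end after a single digit; without it "6.0.1" also matched the start of
  # 6.0.10 and later 6.0.1x banners, reporting releases at or above the fixed
  # 6.0.9 as vulnerable.
  if (
    banner &&
    egrep(pattern:"^Server: Kerio MailServer ([0-5].*|6\.0\.[0-8]([^0-9]|$))", string:banner)
  ) {
    security_hole(port);
    # One report per host is enough; skip the remaining ports and the SMTP check.
    exit(0);
  }
}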

# Fallback check: no web banner matched, so read the version from the SMTP
# greeting instead. Port 25 is always considered in addition to whatever the
# knowledge base lists as SMTP.
#
# The version must be followed directly by " ESMTP ready", which keeps 6.0.10
# and later from matching the 6.0.[0-8] alternative.
# NOTE(review): a 6.0.x greeting that carries extra text between the version
# and "ESMTP ready" would not match and so would go unreported -- confirm
# against real banners.
smtp_ports = add_port_in_list(list: get_kb_list("Services/smtp"), port: 25);
foreach port (smtp_ports)
{
  greeting = get_smtp_banner(port:port);
  if (greeting)
  {
    if (egrep(pattern:"^220 .* Kerio MailServer ([0-5].*|6\.0\.[0-8]) ESMTP ready", string:greeting))
    {
      security_hole(port);
      # First vulnerable greeting ends the scan for this host.
      exit(0);
    }
  }
}