Info

Disclosure

Mar 09, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Kerio MailServer contains a flaw that may allow a remote denial of service. The issue is triggered when handling a malformed IMAP LOGIN command, and will result in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 6.1.3 Patch 1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Kerio Technologies, Inc.

MailServer

6.1.3

References

Security Tracker: 1015748
Bugtraq ID: 17043
Secunia Advisory ID: 19150
CVE ID: 2006-1158 (see also: NVD)
VUPEN Advisory: ADV-2006-0898
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-02/1427.html
Vendor Specific News/Changelog Entry: http://www.kerio.com/kms_history.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/23772