Reported August 19, 2002, by Abraham Lincoln Hao.

VERSION AFFECTED

·         Kerio MailServer 5.0 for Windows XP/2000/NT

DESCRIPTION

Multiple vulnerabilities exist in Kerio MailServer 5.0 for Windows that could result in a Denial of Service (DoS) or cross-site scripting scenario. Sending at least five SYN packets to any of a mail server's services (i.e., POP3, SMTP, IMAP, Secure IMAP, POP3S, Web-mail, and secure Web-mail services) can result in that service not responding; however, the service will be available again after several minutes. An attack that exploits this vulnerability consumes all system resources. Several URLs provided in the Web-mail function allow cross-site scripting, which could let any user who has Web-mail access execute malicious scripts. The following URLs are vulnerable:

·         http://localhost//login

·         http://localhost//search

·         http://localhost//settings

·         http://localhost//new

·         http://localhost//list

·         http://localhost//logout

VENDOR RESPONSE

The vendor, Kerio Technologies, has been notified but has not yet released a patch for these vulnerabilities.

CREDIT
Discovered by Abraham Lincoln Hao of NSSI Research Labs.