Advisory number: KSEC-2007-07-24-01
Date: July 24, 2007
Severity: Medium (Denial of Service)
Name: Attachment filter DoS
Affected products: Kerio MailServer version 6.4.0 with enabled Attachment Filter. Attachment Filter is disabled by default. Previous versions are not affected.
Fix availability: The following product versions are not vulnerable: Kerio MailServer version 6.4.1 and higher.
Description: By sending a specially crafted email an attacker can cause the Kerio MailServer service to crash.
Workaround: Disable attachment filter (in Administration Console: Content Filter -> Attachment Filter).

Advisory number: KSEC-2006-10-12-01
Date: October 12, 2006
Severity: Medium (Denial of Service)
Name: Malformed DNS response DoS
Affected products: Kerio WinRoute Firewall up to version 6.2.2.
Fix availability: The following product versions are not vulnerable: Kerio WinRoute Firewall version 6.2.3 and higher.
Description: When a specifically malformed DNS response is received by the DNS forwarder in Kerio WinRoute Firewall, it can cause the Kerio WinRoute Firewall service to crash.

Advisory number: KSEC-2006-05-02-01
Date: May 2, 2006
Severity: Medium (Denial of Service)
Name: SMTP and POP3 protocol inspector DoS
Affected products: Kerio WinRoute Firewall up to version 6.2.0 patch 1.
Fix availability: The following product versions are not vulnerable: Kerio WinRoute Firewall version 6.2.1 and higher.
Description: By sending a malformed email via SMTP or by receiving such email by POP3, an attacker can cause the Kerio WinRoute Firewall service to crash.

Advisory number: KSEC-2006-03-09-01
Date: March 9, 2006
Severity: Medium (Denial of Service)
Name: IMAP Denial of Service
Affected products: Kerio MailServer up to version 6.1.3 unpatched.
Fix availability: The following product versions are not vulnerable: Kerio MailServer version 6.1.3 patch 1 and higher.
Description: By sending a malicious IMAP command, an attacker can cause the Kerio MailServer engine to crash.
Mitigating factors: Limit access to IMAP and IMAPS service from trusted IP�s (IMAP clients) only. It can be set directly in KMS Administration Console.
Credit: Michael Shvarts, GLEG Ltd.

Advisory number: KSEC-2005-10-07-01
Date: October 7, 2005
Severity: Low
Name: PEB lockout vulnerability
Affected products: Kerio Personal Firewall up to version 4.2.0, Kerio ServerFirewall up to version 1.1.1.
Fix availability: The following product versions are not vulnerable: Kerio Personal Firewall version 4.2.1, Kerio ServerFirewall 1.1.2 and higher.
Description: Kerio Personal Firewall and Kerio ServerFirewall are monitoring applications and their attempts to connect to the network. During this, they are reading PEB (Process Environment Block) of those applications. It is possible to create an application that will lock (mark as unaccessible) the memory page where its PEB resides before connecting to the network. Kerio Personal Firewall and Kerio ServerFirewall will read locked PEB without checking and cause a crash.
Mitigating factors: To exploit this vulnerability, the attacker needs an account on the computer and must be able to start malicious application.
Credit: Piotr Bania

Advisory number: KSEC-2005-04-29-01
Date: April 29, 2005
Severity: Medium
Name: Possibility of a brute force password attack
Affected products: Kerio WinRoute Firewall up to version 6.0.10, Kerio MailServer up to version 6.0.8, Kerio Personal Firewall up to version 4.1.2.
Fix availability: The following product versions are not vulnerable: Kerio WinRoute Firewall version 6.0.11 and higher, Kerio MailServer version 6.0.9 and higher, Kerio Personal Firewall version 4.1.3 and higher.
Description: The remote administration protocol in the affected products allows several login attempts over a single connection. This could be used to guess passwords up to 5 characters long using a brute force attack.
Mitigating factors: To exploit this vulnerability, the attacker needs access to the product administration ports (products can be configured to allow administration only from certain IP addresses). User login names must be previously known. Network effective bandwidth between the system and the attacker is also an important speed and success factor. Passwords consisting of 6 characters or longer are already safe - the attacker would need an extremely long time to succeed.
Credit: Javier Munoz of the Secure Computer Group, University of A Coruna, Spain.

Advisory number: KSEC-2005-04-29-02
Date: April 29, 2005
Severity: Medium
Name: Possibility of a denial of service attack
Affected products: Kerio WinRoute Firewall up to version 6.0.10, Kerio MailServer up to version 6.0.8, Kerio Personal Firewall up to version 4.1.2.
Fix availability: The following product versions are not vulnerable: Kerio WinRoute Firewall version 6.0.11 and higher, Kerio MailServer version 6.0.9 and higher, Kerio Personal Firewall version 4.1.3 and higher.
Description: The remote administration protocol in the affected products allows the repetition of certain pre-authentication protocol messages. This could be abused to consume CPU time with repeated message encryption and decryption and slow down the system if the attacker is able to send the messages at a sufficient rate.
Mitigating factors: To exploit this vulnerability, the attacker needs access to the product administration ports. A sufficient network bandwidth between the system and the attacker is required for the attack, as well as sufficient CPU power on the attacker's side.
Credit: Javier Munoz of the Secure Computer Group, University of A Coruna, Spain.

Advisory number: KSEC-2005-03-30-01
Date: March 30, 2004
Severity: Low
Name: Local application can bypass network rules
Affected products: Kerio Personal Firewall up to version 4.1.2
Fix availability: Version 4.1.3 and higher is not vulnerable.
Description: An attacker can craft a malicous application that can masquarade itself as a different application process and thus use that process�s credetials to access the network.
Mitigating factors: To exploit this vulnerability, the attacker must already have access to the local system so that he can launch the malicous application.
Credit: Petr Matousek, Masaryk University in Brno, Czech Republic.

Advisory number: KSEC-2004-12-14-01
Date: December 14, 2004
Severity: Low
Name: Less secure credential storage
Affected products: Kerio WinRoute Firewall up to version 6.0.6, Kerio MailServer up to version 6.0.4, Kerio ServerFirewall version 1.0.0.
Fix availability: The following product versions are not vulnerable: Kerio WinRoute Firewall version 6.0.7 and higher, Kerio MailServer version 6.0.5 and higher, Kerio ServerFirewall version 1.0.1 and higher.
Description: The user credential database in Kerio WinRoute Firewall, Kerio MailServer and Kerio ServerFirewall uses symmetric encryption to protect user passwords. A person with access to the configuration files could attempt to decrypt the passwords using a key hidden into the program logic.
Mitigating factors: To exploit this vulnerability, the attacker needs access to the user database files which is not a normal condition on a properly administered firewall or mail server.
Besides the local user database, other username/password verification methods are available in Kerio products and these methods are not vulnerable. In Kerio ServerFirewall, the local user database is not used by default and the user has to explicitly decide to use it.
Credit: Javier Munoz of the Secure Computer Group, University of A Coruna, Spain.

Advisory number: KSEC-2004-12-14-02
Date: December 14, 2004
Severity: Low
Name: Insecure default file system permissions
Affected products: Kerio WinRoute Firewall up to version 6.0.8, Kerio MailServer up to version 6.0.4, Kerio ServerFirewall version 1.0.0.
Fix availability: The following product version are not vulnerable: Kerio WinRoute Firewall version 6.0.9 and higher, Kerio MailServer version 6.0.5 and higher, Kerio ServerFirewall version 1.0.1 and higher.
Description: Kerio WinRoute Firewall, Kerio ServerFirewall, and the Windows version of Kerio MailServer are installed by default in the 'Program Files' system folder. No change is done to the file ACLs (access control lists) after the installation process. Because of that, anyone belonging to the 'Power Users' system group would be able to modify program binary files, drop malicious DLLs to the plug-ins folder or modify the product configuration files.
Mitigating factors: To exploit the vulnerability, the attacker would need to be a member of the 'Power Users' group. The vulnerability thus constitutes a risk in shared environments where several people with sufficient rights access the computer.
Credit: Javier Munoz of the Secure Computer Group, University of A Coruna, Spain.

Advisory number: KSEC-2004-12-13-01
Date: December 13, 2004
Severity: Medium
Name: Possible DNS cache poisoning
Affected products: Kerio WinRoute Firewall up to version 6.0.8
Fix availability: The following product versions are not vulnerable: Kerio WinRoute Firewall version 6.0.9 and higher.
Description: The Kerio WinRoute Firewall is equipped with a DNS cache. Up to version 6.0.8 of the firewall, DNS cache entries recorded from PTR queries (getting host name by its IP address) are later used for standard A queries (getting host IP address by its name). This behavior could be abused by an attacker to supply his own IP address for an otherwise valid server.

Advisory Number: KSEC-2004-11-04-01
Date: November 4, 2004
Severity: Denial of Service
Name: Malicious packet can cause 100% utilization and freeze of the system.
Affected products: Kerio Personal Firewall versions 4.0.0 thru 4.1.1
Fix availability: Version 4.1.2 and higher is not vulnerable.
Description: The bug allows an attacker to send a malicious packet causing 100% CPU utilization and total freeze of the system. Hard restart is necessary to recover from the freeze state (in most cases it means physical access to the affected computer).
Credit: eEye Digital Security

For technical support inquiries please use the following contacts:

Knowledge Base
Before contacting us, check our Knowledge Base. The information you need may already be there!

USA and worldwide
Phone: + 1 (408) 496-4500
Email: Open a Ticket

If for some reason you cannot use the Ticket Form, you can contact us by email at support@kerio.com.

Hours: 8am-5pm Monday-Friday PST (GMT-8)

UK and Europe
Phone: +44 1223 202 132
Email: Open a Ticket

Hours: 9am-5pm Monday-Friday GMT

If for some reason you cannot use the Ticket Form, you can contact us by email at support@kerio.co.uk.