• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Kerio Administration Port Denial of Service Vulnerability

Various Kerio products are vulnerable to a denial of service vulnerability with regards to the administration port.

This issue is due to a failure of the application to properly handle exceptional conditions with regards to specifically malformed data.

A remote attacker may leverage these issues, without requiring
authentication, to exhaust resources on an affected computer, effectively
denying service for legitimate users.

The vendor has addressed this issue in Kerio MailServer 6.0.9, Kerio
WinRoute Firewall 6.0.11, and Kerio Personal Firewall 4.1.3; earlier
versions of these products are reported vulnerable.