Search criteria
12 vulnerabilities found for serverfirewall by kerio
VAR-200501-0046
Vulnerability from variot - Updated: 2023-12-18 13:35Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration. Kerio Mailserver is prone to a local security vulnerability. Kerio is a security software company that offers a variety of security software. __________
Secure Computer Group - University of A Coruna
http://research.tic.udc.es/scg/
-- x --
dotpi.com Information Technologies Research Labs
http://www.dotpi.com
ID: #20041214-2 Document title: Insecure default file system permissions on Microsoft versions of Kerio Software
Document revision: 1.0
Coordinated release date: 2004/12/14 Vendor Acknowledge date: 2004/11/10 Reported date: 2004/11/08
CVE Name: CAN-2004-1023
Other references: N/A
Summary:
Impact: Privilege escalation System sofware tampering Trojan injection Second-stage attack vector Alter configuration files
Rating/Severity: Low Recommendation: Update to latest version Enforce file system ACLs
Vendor: Kerio Technologies Inc.
Affected software: Kerio WinRoute Firewall (all versions) Kerio ServerFirewall (all versions) Kerio MailServer (all windows versions)
Updates/Patches: Yes (see below)
General Information:
-
Executive summary: ------------------
As a result of its collaboration relationship the Secure Computer Group (SCG) along with dotpi.com Research Labs have determined the following security issue on some Kerio Software.
Kerio WinRoute Firewall, Kerio ServerFirewall and Kerio MailServer are installed by default under 'Program Files' system folder. No change is done to the ACLs after the installation process.
System administrators should enforce ACL security settings in order solve this problem. It is also highly recommended to verify this settings as part of the planning, installation, hardening and auditing processes.
New versions of the software solve this an other minor problems so it is upgrade its highly recommended.
-
Technical details: ------------------
Following the latest trends and approaches to responsible disclosure, SCG and dotpi.com are going to withhold details of this flaw for three months.
Full details will be published on 2005/03/14. This three month window will allow system administrators the time needed to obtain the patch before the details are released to the general public.
-
Risk Assessment factors: ------------------------
The attacker would need local interactive access to the installation directory. Remote access is also possible but default system settings do not make this easy.
The most risky scenarios are the ones in which the server machine is shared among two or more users or those situations where Kerio service management have been delegated to a third party any other than local or domain system administrator.
Special care should be taken on such environments and every step of the project: design, planning, deployment and management should consider this security issues.
Privilege escalation, system and software tampering and the ability to alter service configuration are all real issues and all of them can be used as a second stage attack vector.
-
Solutions and recommendations: ------------------------------
Enforce the file system ACLs and/or upgrade to the latest versions:
o Kerio Winroute Firewall 6.0.9 o Kerio ServerFirewall 1.0.1 o Kerio MailServer 6.0.5As in any other case, follow, as much as possible, the Industry 'Best Practices' on Planning, Deployment and Operation on this kind of services.
-
Common Vulnerabilities and Exposures (CVE) project: ---------------------------------------------------
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2004-1023 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
Acknowledgements:
-
Special thanks to Vladimir Toncar and Pavel Dobry and the whole Technical Team from Kerio Technologies (support at kerio.com) for their quick response and professional handling on this issue.
-
The whole Research Lab at dotpi.com and specially to Carlos Veira for his leadership and support.
-
Secure Computer Group at University of A Coruna (scg at udc.es), and specially to Antonino Santos del Riego powering new research paths at University of a Coruna.
Credits:
Javier Munoz (Secure Computer Group) is credited with this discovery.
Related Links:
[1] Kerio Technologies Inc. http://www.kerio.com/
[2] Kerio WinRoute Firewall Downloads & Updates http://www.kerio.com/kwf_download.html
[3] Kerio ServerFirewall Downloads & Updates http://www.kerio.com/ksf_download.html
[4] Kerio MailServer Downloads & Updates http://www.kerio.com/kms_download.html
[5] Secure Computer Group. University of A Coruna http://research.tic.udc.es/scg/
[6] Secure Computer Group. Updated advisory http://research.tic.udc.es/scg/advisories/20041214-2.txt
[7] dotpi.com Information Technologies S.L. http://www.dotpi.com/
[8] dotpi.com Research Labs http://www.dotpi.com/research/
Legal notice:
Copyright (c) 2002-2004 Secure Computer Group. University of A Coruna Copyright (c) 2004 dotpi.com Information Technologies S.L.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of the authors.
If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please contact the authors for explicit written permission at the following e-mail addresses: (scg at udc.es) and (info at dotpi.com).
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200501-0046",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.0"
},
{
"model": "serverfirewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "1.0.0"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.6"
}
],
"sources": [
{
"db": "BID",
"id": "90583"
},
{
"db": "NVD",
"id": "CVE-2004-1023"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-129"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:serverfirewall:1.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:6.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1023"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "90583"
}
],
"trust": 0.3
},
"cve": "CVE-2004-1023",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-9453",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-1023",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200501-129",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-9453",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9453"
},
{
"db": "NVD",
"id": "CVE-2004-1023"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-129"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration. Kerio Mailserver is prone to a local security vulnerability. Kerio is a security software company that offers a variety of security software. ______________________________________________________________________\n\n\n Secure Computer Group - University of A Coruna\n http://research.tic.udc.es/scg/\n\n -- x --\n\n dotpi.com Information Technologies Research Labs\n http://www.dotpi.com\n\n______________________________________________________________________\n\nID: #20041214-2\nDocument title: Insecure default file system permissions on\n Microsoft versions of Kerio Software \n\nDocument revision: 1.0\n\nCoordinated release date: 2004/12/14\nVendor Acknowledge date: 2004/11/10\nReported date: 2004/11/08\n\nCVE Name: CAN-2004-1023\n\nOther references: N/A\n______________________________________________________________________\n\nSummary:\n\n Impact: Privilege escalation\n System sofware tampering\n Trojan injection\n Second-stage attack vector\n Alter configuration files\n\n Rating/Severity: Low\n Recommendation: Update to latest version\n Enforce file system ACLs\n\n Vendor: Kerio Technologies Inc. \n\n Affected software: Kerio WinRoute Firewall (all versions)\n Kerio ServerFirewall (all versions)\n Kerio MailServer (all windows versions)\n\n Updates/Patches: Yes (see below)\n______________________________________________________________________\n\nGeneral Information:\n\n 1. Executive summary:\n ------------------\n\n As a result of its collaboration relationship the Secure Computer\n Group (SCG) along with dotpi.com Research Labs have determined\n the following security issue on some Kerio Software. \n\n Kerio WinRoute Firewall, Kerio ServerFirewall and Kerio MailServer\n are installed by default under \u0027Program Files\u0027 system folder. No\n change is done to the ACLs after the installation process. \n\n System administrators should enforce ACL security settings in\n order solve this problem. It is also highly recommended to\n verify this settings as part of the planning, installation,\n hardening and auditing processes. \n\n New versions of the software solve this an other minor problems\n so it is upgrade its highly recommended. \n\n\n 2. Technical details:\n ------------------\n\n Following the latest trends and approaches to responsible\n disclosure, SCG and dotpi.com are going to withhold details of\n this flaw for three months. \n\n Full details will be published on 2005/03/14. This three month\n window will allow system administrators the time needed to\n obtain the patch before the details are released to the general\n public. \n\n\n 3. Risk Assessment factors:\n ------------------------\n\n The attacker would need local interactive access to the\n installation directory. Remote access is also possible but\n default system settings do not make this easy. \n\n The most risky scenarios are the ones in which the server machine\n is shared among two or more users or those situations where Kerio\n service management have been delegated to a third party any other\n than local or domain system administrator. \n\n Special care should be taken on such environments and every step\n of the project: design, planning, deployment and management\n should consider this security issues. \n\n Privilege escalation, system and software tampering and the\n ability to alter service configuration are all real issues and\n all of them can be used as a second stage attack vector. \n\n\n 4. Solutions and recommendations:\n ------------------------------\n\n Enforce the file system ACLs and/or upgrade to the latest\n versions:\n\n \to Kerio Winroute Firewall 6.0.9\n \t\n \to Kerio ServerFirewall 1.0.1\n\n \to Kerio MailServer 6.0.5\n\n As in any other case, follow, as much as possible, the Industry\n \u0027Best Practices\u0027 on Planning, Deployment and Operation on this\n kind of services. \n\n\n 5. Common Vulnerabilities and Exposures (CVE) project:\n ---------------------------------------------------\n\n The Common Vulnerabilities and Exposures (CVE) project has\n assigned the name CAN-2004-1023 to this issue. This is a\n candidate for inclusion in the CVE list (http://cve.mitre.org),\n which standardizes names for security problems. \n\n______________________________________________________________________\n\nAcknowledgements:\n\n 1. Special thanks to Vladimir Toncar and Pavel Dobry and the whole\n Technical Team from Kerio Technologies (support at kerio.com)\n for their quick response and professional handling on this issue. \n\n 3. The whole Research Lab at dotpi.com and specially to Carlos Veira\n for his leadership and support. \n\n 3. Secure Computer Group at University of A Coruna (scg at udc.es),\n and specially to Antonino Santos del Riego powering new research\n paths at University of a Coruna. \n\n______________________________________________________________________\n\nCredits:\n\n Javier Munoz (Secure Computer Group) is credited with this discovery. \n\n______________________________________________________________________\n\nRelated Links:\n\n [1] Kerio Technologies Inc. \n http://www.kerio.com/\n\n [2] Kerio WinRoute Firewall Downloads \u0026 Updates\n http://www.kerio.com/kwf_download.html\n\n [3] Kerio ServerFirewall Downloads \u0026 Updates\n http://www.kerio.com/ksf_download.html\n\n [4] Kerio MailServer Downloads \u0026 Updates\n http://www.kerio.com/kms_download.html\n\n [5] Secure Computer Group. University of A Coruna\n http://research.tic.udc.es/scg/\n\n [6] Secure Computer Group. Updated advisory\n http://research.tic.udc.es/scg/advisories/20041214-2.txt\n\n [7] dotpi.com Information Technologies S.L. \n http://www.dotpi.com/\n\n [8] dotpi.com Research Labs\n http://www.dotpi.com/research/\n\n______________________________________________________________________\n\nLegal notice:\n\n Copyright (c) 2002-2004 Secure Computer Group. University of A Coruna\n Copyright (c) 2004 dotpi.com Information Technologies S.L. \n\n Permission is granted for the redistribution of this alert\n electronically. It may not be edited in any way without the express\n written consent of the authors. \n\n If you wish to reprint the whole or any part of this alert in any\n other medium other than electronically, please contact the authors\n for explicit written permission at the following e-mail addresses:\n (scg at udc.es) and (info at dotpi.com). \n\n Disclaimer: The information in the advisory is believed to be\n accurate at the time of publishing based on currently available\n information. Use of the information constitutes acceptance for use\n in an AS IS condition. \n\n There are no warranties with regard to this information. Neither the\n author nor the publisher accepts any liability for any direct,\n indirect, or consequential loss or damage arising from use of, or\n reliance on, this information. \n_____________________________________________________________________\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1023"
},
{
"db": "BID",
"id": "90583"
},
{
"db": "VULHUB",
"id": "VHN-9453"
},
{
"db": "PACKETSTORM",
"id": "35332"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-1023",
"trust": 2.1
},
{
"db": "XF",
"id": "18471",
"trust": 0.9
},
{
"db": "BUGTRAQ",
"id": "20041214 [CAN-2004-1023] INSECURE DEFAULT FILE SYSTEM PERMISSIONS ON MICROSOFT VERSIONS OF KERIO SOFTWARE",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200501-129",
"trust": 0.6
},
{
"db": "BID",
"id": "90583",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "35332",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-9453",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9453"
},
{
"db": "BID",
"id": "90583"
},
{
"db": "PACKETSTORM",
"id": "35332"
},
{
"db": "NVD",
"id": "CVE-2004-1023"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-129"
}
]
},
"id": "VAR-200501-0046",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9453"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:35:45.175000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1023"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18471"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=110305387813002\u0026w=2"
},
{
"trust": 0.9,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=110305387813002\u0026w=2"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/18471"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=110305387813002\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/"
},
{
"trust": 0.1,
"url": "http://www.dotpi.com/"
},
{
"trust": 0.1,
"url": "http://www.dotpi.com"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/kwf_download.html"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/ksf_download.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-1023"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/kms_download.html"
},
{
"trust": 0.1,
"url": "http://research.tic.udc.es/scg/advisories/20041214-2.txt"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://www.dotpi.com/research/"
},
{
"trust": 0.1,
"url": "http://research.tic.udc.es/scg/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9453"
},
{
"db": "BID",
"id": "90583"
},
{
"db": "PACKETSTORM",
"id": "35332"
},
{
"db": "NVD",
"id": "CVE-2004-1023"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-129"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-9453"
},
{
"db": "BID",
"id": "90583"
},
{
"db": "PACKETSTORM",
"id": "35332"
},
{
"db": "NVD",
"id": "CVE-2004-1023"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-129"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-9453"
},
{
"date": "2005-01-10T00:00:00",
"db": "BID",
"id": "90583"
},
{
"date": "2004-12-30T07:19:43",
"db": "PACKETSTORM",
"id": "35332"
},
{
"date": "2005-01-10T05:00:00",
"db": "NVD",
"id": "CVE-2004-1023"
},
{
"date": "2005-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200501-129"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9453"
},
{
"date": "2005-01-10T00:00:00",
"db": "BID",
"id": "90583"
},
{
"date": "2017-07-11T01:30:40.277000",
"db": "NVD",
"id": "CVE-2004-1023"
},
{
"date": "2006-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200501-129"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "90583"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-129"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Multiple software Weak security mechanism vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-129"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-129"
}
],
"trust": 0.6
}
}
VAR-200501-0045
Vulnerability from variot - Updated: 2023-12-18 13:30Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software. Kerio WinRoute Firewall, Kerio ServerFirewall, and Kerio MailServer are all reported prone to a design flaw. It is reported that these products store credentials in a local database store, these credentials are obscured using an unspecified symmetric encryption algorithm. Reports indicate that a universal secret key is employed to extract plain text from the credential hashes; this presents a security risk because the universal secret key is stored in the WinRoute Firewall, Kerio ServerFirewall, and Kerio MailServer binaries. Kerio is an Internet security software company whose main products include firewall and mail system. __________
Secure Computer Group - University of A Coruna
http://research.tic.udc.es/scg/
-- x --
dotpi.com Information Technologies Research Labs
http://www.dotpi.com
ID: #20041214-1 Document title: Insecure Credential Storage on Kerio Software Document revision: 1.0
Coordinated release date: 2004/12/14 Vendor Acknowledge date: 2004/10/06 Reported date: 2004/10/01
CVE Name: CAN-2004-1022
Other references: N/A
Summary:
Impact: Insecure Credential Storage Rating/Severity: Medium Recommendation: Update to latest version
Vendor: Kerio Technologies Inc.
Affected software: Kerio WinRoute Firewall (all versions) Kerio ServerFirewall (all versions) Kerio MailServer (all versions)
Updates/Patches: Yes (see below)
General Information:
-
Executive summary: ------------------
As a result of its collaboration relationship the Secure Computer Group (SCG) along with dotpi.com Research Labs have determined this security issue on Kerio WinRoute Firewall (KWF), Kerio ServerFirewall (KSF) and Kerio MailServer (KMS).
Anyone with a cyphertext of this database (that is, with access to the configuration files) could reverse the encryption using a universal secret key hidden into the program logic.
New versions of the software solve this and other minor problems so it is upgrade its highly recommended.
-
Technical details: ------------------
Following the latest trends and approaches to responsible disclosure, SCG and dotpi.com are going to withhold details of this flaw for three months.
Full details will be published on 2005/03/14. This three month window will allow system administrators the time needed to obtain the patch before the details are released to the general public.
-
Risk Assessment factors: ------------------------
The attacker needs access to the user database, which is not normally a usual condition on a properly hardened firewall and/or mail server.
Despite this, special care should be taken on shared environments where more than one technical staff work together on the firewall and/or the mail server. This kind of scenarios offer a potential opportunity for the insiders on the work of stealing identities and, therefore, breaking access control measures.
It is also important to note that this could be an important second-stage resource for a successful attacker on an already compromised firewall and/or mail server.
-
Solutions and recommendations: ------------------------------
Upgrade to the latest versions:
o Kerio Winroute Firewall 6.0.9 o Kerio ServerFirewall 1.0.1 o Kerio MailServer 6.0.5As in any other case, follow, as much as possible, the Industry 'Best Practices' on Planning, Deployment and Operation on this kind of services.
Note:
Kerio Winroute Firewall 6.0.7 fixed CAN-2004-1022. Kerio Winroute Firewall 6.0.9 is the current version fixing CAN-2004-1022 and CAN-2004-1023
-
Common Vulnerabilities and Exposures (CVE) project: ---------------------------------------------------
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2004-1022 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
Acknowledgements:
-
Special thanks to Vladimir Toncar and Pavel Dobry and the whole Technical Team from Kerio Technologies (support at kerio.com) for their quick response and professional handling on this issue.
-
The whole Research Lab at dotpi.com and specially to Carlos Veira for his leadership and support.
-
Secure Computer Group at University of A Coruna (scg at udc.es), and specially to Antonino Santos del Riego powering new research paths at University of a Coruna.
Credits:
Javier Munoz (Secure Computer Group) is credited with this discovery.
Related Links:
[1] Kerio Technologies Inc. http://www.kerio.com/
[2] Kerio WinRoute Firewall Downloads & Updates http://www.kerio.com/kwf_download.html
[3] Kerio ServerFirewall Downloads & Updates http://www.kerio.com/ksf_download.html
[4] Kerio MailServer Downloads & Updates http://www.kerio.com/kms_download.html
[5] Secure Computer Group. University of A Coruna http://research.tic.udc.es/scg/
[6] Secure Computer Group. Updated advisory http://research.tic.udc.es/scg/advisories/20041214-1.txt
[7] dotpi.com Information Technologies S.L. http://www.dotpi.com/
[8] dotpi.com Research Labs http://www.dotpi.com/research/
Legal notice:
Copyright (c) 2002-2004 Secure Computer Group. University of A Coruna Copyright (c) 2004 dotpi.com Information Technologies S.L.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of the authors.
If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please contact the authors for explicit written permission at the following e-mail addresses: (scg at udc.es) and (info at dotpi.com).
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition.
There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200501-0045",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "6.0"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "5.1.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.10"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.9"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.8"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.7"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.6"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.5"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.4"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.3"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.2"
},
{
"model": "winroute firewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0.1"
},
{
"model": "serverfirewall",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "1.0"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.4"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "6.0"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.10"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.9"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.8"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.7"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.6"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.5"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.4"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.2"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.7.0"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.6.5"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.6.4"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.6.3"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.1"
},
{
"model": "mailserver",
"scope": "eq",
"trust": 1.3,
"vendor": "kerio",
"version": "5.0"
},
{
"model": "winroute firewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.9"
},
{
"model": "serverfirewall",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "1.0.1"
},
{
"model": "mailserver",
"scope": "ne",
"trust": 0.3,
"vendor": "kerio",
"version": "6.0.5"
}
],
"sources": [
{
"db": "BID",
"id": "11930"
},
{
"db": "NVD",
"id": "CVE-2004-1022"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.6.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.6.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.7.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:6.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:serverfirewall:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.1.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.6.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.7.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.7.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:6.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:6.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.1.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.1.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:6.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:6.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.1.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.7.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.7.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:kerio_mailserver:5.7.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.1.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:5.1.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:winroute_firewall:6.0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1022"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery of this vulnerability is credited to Secure Computer Group \u003cscg@udc.es\u003e.",
"sources": [
{
"db": "BID",
"id": "11930"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
}
],
"trust": 0.9
},
"cve": "CVE-2004-1022",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-9452",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-1022",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200501-095",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-9452",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9452"
},
{
"db": "NVD",
"id": "CVE-2004-1022"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software. Kerio WinRoute Firewall, Kerio ServerFirewall, and Kerio MailServer are all reported prone to a design flaw. It is reported that these products store credentials in a local database store, these credentials are obscured using an unspecified symmetric encryption algorithm. Reports indicate that a universal secret key is employed to extract plain text from the credential hashes; this presents a security risk because the universal secret key is stored in the WinRoute Firewall, Kerio ServerFirewall, and Kerio MailServer binaries. Kerio is an Internet security software company whose main products include firewall and mail system. ______________________________________________________________________\n\n\n Secure Computer Group - University of A Coruna\n http://research.tic.udc.es/scg/\n\n -- x --\n\n dotpi.com Information Technologies Research Labs\n http://www.dotpi.com\n\n______________________________________________________________________\n\nID: #20041214-1\nDocument title: Insecure Credential Storage on Kerio\n Software\nDocument revision: 1.0\n\nCoordinated release date: 2004/12/14\nVendor Acknowledge date: 2004/10/06\nReported date: 2004/10/01\n\nCVE Name: CAN-2004-1022\n\nOther references: N/A\n______________________________________________________________________\n\nSummary:\n\n Impact: Insecure Credential Storage\n Rating/Severity: Medium\n Recommendation: Update to latest version\n\n Vendor: Kerio Technologies Inc. \n\n Affected software: Kerio WinRoute Firewall (all versions)\n Kerio ServerFirewall (all versions)\n Kerio MailServer (all versions)\n\n Updates/Patches: Yes (see below)\n______________________________________________________________________\n\nGeneral Information:\n\n 1. Executive summary:\n ------------------\n\n As a result of its collaboration relationship the Secure Computer\n Group (SCG) along with dotpi.com Research Labs have determined\n this security issue on Kerio WinRoute Firewall (KWF), Kerio\n ServerFirewall (KSF) and Kerio MailServer (KMS). \n\n Anyone with a cyphertext of this database (that is, with access to\n the configuration files) could reverse the encryption using a\n universal secret key hidden into the program logic. \n\n New versions of the software solve this and other minor problems\n so it is upgrade its highly recommended. \n\n\n 2. Technical details:\n ------------------\n\n Following the latest trends and approaches to responsible\n disclosure, SCG and dotpi.com are going to withhold details of\n this flaw for three months. \n\n Full details will be published on 2005/03/14. This three month\n window will allow system administrators the time needed to\n obtain the patch before the details are released to the general\n public. \n\n\n 3. Risk Assessment factors:\n ------------------------\n\n The attacker needs access to the user database, which is not\n normally a usual condition on a properly hardened firewall and/or\n mail server. \n\n Despite this, special care should be taken on shared environments\n where more than one technical staff work together on the firewall\n and/or the mail server. This kind of scenarios offer a potential\n opportunity for the insiders on the work of stealing identities\n and, therefore, breaking access control measures. \n\n It is also important to note that this could be an important\n second-stage resource for a successful attacker on an already\n compromised firewall and/or mail server. \n\n\n 4. Solutions and recommendations:\n ------------------------------\n\n Upgrade to the latest versions:\n\n \to Kerio Winroute Firewall 6.0.9\n\n \to Kerio ServerFirewall 1.0.1\n\n \to Kerio MailServer 6.0.5\n\n As in any other case, follow, as much as possible, the Industry\n \u0027Best Practices\u0027 on Planning, Deployment and Operation on this\n kind of services. \n\n Note:\n\n Kerio Winroute Firewall 6.0.7 fixed CAN-2004-1022. Kerio Winroute\n Firewall 6.0.9 is the current version fixing CAN-2004-1022 and\n CAN-2004-1023\n\n\n 5. Common Vulnerabilities and Exposures (CVE) project:\n ---------------------------------------------------\n\n The Common Vulnerabilities and Exposures (CVE) project has\n assigned the name CAN-2004-1022 to this issue. This is a\n candidate for inclusion in the CVE list (http://cve.mitre.org),\n which standardizes names for security problems. \n\n______________________________________________________________________\n\nAcknowledgements:\n\n 1. Special thanks to Vladimir Toncar and Pavel Dobry and the whole\n Technical Team from Kerio Technologies (support at kerio.com)\n for their quick response and professional handling on this issue. \n\n 3. The whole Research Lab at dotpi.com and specially to Carlos Veira\n for his leadership and support. \n\n 3. Secure Computer Group at University of A Coruna (scg at udc.es),\n and specially to Antonino Santos del Riego powering new research\n paths at University of a Coruna. \n\n______________________________________________________________________\n\nCredits:\n\n Javier Munoz (Secure Computer Group) is credited with this discovery. \n\n______________________________________________________________________\n\nRelated Links:\n\n [1] Kerio Technologies Inc. \n http://www.kerio.com/\n\n [2] Kerio WinRoute Firewall Downloads \u0026 Updates\n http://www.kerio.com/kwf_download.html\n\n [3] Kerio ServerFirewall Downloads \u0026 Updates\n http://www.kerio.com/ksf_download.html\n\n [4] Kerio MailServer Downloads \u0026 Updates\n http://www.kerio.com/kms_download.html\n\n [5] Secure Computer Group. University of A Coruna\n http://research.tic.udc.es/scg/\n\n [6] Secure Computer Group. Updated advisory\n http://research.tic.udc.es/scg/advisories/20041214-1.txt\n\n [7] dotpi.com Information Technologies S.L. \n http://www.dotpi.com/\n\n [8] dotpi.com Research Labs\n http://www.dotpi.com/research/\n\n______________________________________________________________________\n\nLegal notice:\n\n Copyright (c) 2002-2004 Secure Computer Group. University of A Coruna\n Copyright (c) 2004 dotpi.com Information Technologies S.L. \n\n Permission is granted for the redistribution of this alert\n electronically. It may not be edited in any way without the express\n written consent of the authors. \n\n If you wish to reprint the whole or any part of this alert in any\n other medium other than electronically, please contact the authors\n for explicit written permission at the following e-mail addresses:\n (scg at udc.es) and (info at dotpi.com). \n\n Disclaimer: The information in the advisory is believed to be\n accurate at the time of publishing based on currently available\n information. Use of the information constitutes acceptance for use\n in an AS IS condition. \n\n There are no warranties with regard to this information. Neither the\n author nor the publisher accepts any liability for any direct,\n indirect, or consequential loss or damage arising from use of, or\n reliance on, this information. \n_____________________________________________________________________\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1022"
},
{
"db": "BID",
"id": "11930"
},
{
"db": "VULHUB",
"id": "VHN-9452"
},
{
"db": "PACKETSTORM",
"id": "35331"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-1022",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20041214 [CAN-2004-1022] INSECURE CREDENTIAL STORAGE ON KERIO SOFTWARE",
"trust": 0.6
},
{
"db": "XF",
"id": "18470",
"trust": 0.6
},
{
"db": "BID",
"id": "11930",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "35331",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-9452",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9452"
},
{
"db": "BID",
"id": "11930"
},
{
"db": "PACKETSTORM",
"id": "35331"
},
{
"db": "NVD",
"id": "CVE-2004-1022"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
}
]
},
"id": "VAR-200501-0045",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9452"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:30:58.637000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1022"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18470"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=110304957607578\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/18470"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=110304957607578\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/kms_history.html"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/ksf_history.html"
},
{
"trust": 0.3,
"url": "http://www.kerio.com/kwf_history.html"
},
{
"trust": 0.3,
"url": "/archive/1/384375"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=110304957607578\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2004-1022"
},
{
"trust": 0.1,
"url": "http://www.dotpi.com/"
},
{
"trust": 0.1,
"url": "http://www.dotpi.com"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/kwf_download.html"
},
{
"trust": 0.1,
"url": "http://research.tic.udc.es/scg/advisories/20041214-1.txt"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/ksf_download.html"
},
{
"trust": 0.1,
"url": "http://www.kerio.com/kms_download.html"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://www.dotpi.com/research/"
},
{
"trust": 0.1,
"url": "http://research.tic.udc.es/scg/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9452"
},
{
"db": "BID",
"id": "11930"
},
{
"db": "PACKETSTORM",
"id": "35331"
},
{
"db": "NVD",
"id": "CVE-2004-1022"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-9452"
},
{
"db": "BID",
"id": "11930"
},
{
"db": "PACKETSTORM",
"id": "35331"
},
{
"db": "NVD",
"id": "CVE-2004-1022"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-01-10T00:00:00",
"db": "VULHUB",
"id": "VHN-9452"
},
{
"date": "2004-12-14T00:00:00",
"db": "BID",
"id": "11930"
},
{
"date": "2004-12-30T07:17:55",
"db": "PACKETSTORM",
"id": "35331"
},
{
"date": "2005-01-10T05:00:00",
"db": "NVD",
"id": "CVE-2004-1022"
},
{
"date": "2005-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200501-095"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9452"
},
{
"date": "2009-07-12T09:26:00",
"db": "BID",
"id": "11930"
},
{
"date": "2017-07-11T01:30:40.217000",
"db": "NVD",
"id": "CVE-2004-1022"
},
{
"date": "2006-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200501-095"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "11930"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Multiple products Weak encryption vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "11930"
},
{
"db": "CNNVD",
"id": "CNNVD-200501-095"
}
],
"trust": 0.9
}
}
VAR-200510-0113
Vulnerability from variot - Updated: 2023-12-18 12:53The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the "PEB lockout vulnerability.". Kerio Personal Firewall and ServerFirewall are prone to a local denial of service vulnerability. Reports indicate that the FWDRV driver does not verify access to memory associated with the Process Environment Block (PEB) of the application. An attacker can trigger fatal exceptions and cause the firewall process to terminate. A denial of service condition in the firewall can expose computers to further attacks. Kerio Personal Firewall and Server Firewall are easy-to-use firewall products. Kerio Personal Firewall and Server Firewall are easy-to-use firewall products. When parsing the PEB, FWDRV does not check whether the memory is accessible, that is to say, if the attacker can set PAGE_NOACCESS or PAGE_GUARD protection on the PEB, it will cause an exception and the machine will blue screen of death. This can be exploited to crash the system via a malicious application that locks the memory page where its PEB resides before connecting to the network. * Kerio ServerFirewall version 1.1.1 and prior.
SOLUTION: Kerio Personal Firewall: Update to version 4.2.1 or later.
Kerio ServerFirewall: Update to version 1.1.2 or later.
PROVIDED AND/OR DISCOVERED BY: Piotr Bania
ORIGINAL ADVISORY: Kerio: http://www.kerio.com/security_advisory.html
Piotr Bania: http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200510-0113",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "serverfirewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "1.1.1"
},
{
"model": "personal firewall",
"scope": "eq",
"trust": 1.9,
"vendor": "kerio",
"version": "4.2"
}
],
"sources": [
{
"db": "BID",
"id": "15094"
},
{
"db": "NVD",
"id": "CVE-2005-3286"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:kerio:personal_firewall:4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:kerio:serverfirewall:1.1.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3286"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Piotr Bania bania.piotr@gmail.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
}
],
"trust": 0.6
},
"cve": "CVE-2005-3286",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-14495",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-3286",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200510-180",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-14495",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14495"
},
{
"db": "NVD",
"id": "CVE-2005-3286"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the \"PEB lockout vulnerability.\". Kerio Personal Firewall and ServerFirewall are prone to a local denial of service vulnerability. \nReports indicate that the FWDRV driver does not verify access to memory associated with the Process Environment Block (PEB) of the application. An attacker can trigger fatal exceptions and cause the firewall process to terminate. \nA denial of service condition in the firewall can expose computers to further attacks. Kerio Personal Firewall and Server Firewall are easy-to-use firewall products. Kerio Personal Firewall and Server Firewall are easy-to-use firewall products. When parsing the PEB, FWDRV does not check whether the memory is accessible, that is to say, if the attacker can set PAGE_NOACCESS or PAGE_GUARD protection on the PEB, it will cause an exception and the machine will blue screen of death. This can be exploited to crash the system via a malicious\napplication that locks the memory page where its PEB resides before\nconnecting to the network. \n* Kerio ServerFirewall version 1.1.1 and prior. \n\nSOLUTION:\nKerio Personal Firewall:\nUpdate to version 4.2.1 or later. \n\nKerio ServerFirewall:\nUpdate to version 1.1.2 or later. \n\nPROVIDED AND/OR DISCOVERED BY:\nPiotr Bania\n\nORIGINAL ADVISORY:\nKerio:\nhttp://www.kerio.com/security_advisory.html\n\nPiotr Bania:\nhttp://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3286"
},
{
"db": "BID",
"id": "15094"
},
{
"db": "VULHUB",
"id": "VHN-14495"
},
{
"db": "PACKETSTORM",
"id": "40706"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "15094",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "17155",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "19961",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2005-3286",
"trust": 1.7
},
{
"db": "SREASON",
"id": "78",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200510-180",
"trust": 0.7
},
{
"db": "FULLDISC",
"id": "20051013 KERIO PERSONAL FIREWALL AND KERIO SERVER FIREWALL FWDRV DRIVER LOCAL DENIAL OF SERVICE",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-14495",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "40706",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14495"
},
{
"db": "BID",
"id": "15094"
},
{
"db": "PACKETSTORM",
"id": "40706"
},
{
"db": "NVD",
"id": "CVE-2005-3286"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
}
]
},
"id": "VAR-200510-0113",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14495"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:53:36.792000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-3286"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.kerio.com/security_advisory.html"
},
{
"trust": 1.8,
"url": "http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/15094"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-october/037958.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/19961"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/17155"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/78"
},
{
"trust": 1.1,
"url": "http://seclists.org/bugtraq/2005/oct/166"
},
{
"trust": 0.3,
"url": "http://www.kerio.com"
},
{
"trust": 0.3,
"url": "/archive/1/413253"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/1493/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/17155/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2653/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/4378/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/2654/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14495"
},
{
"db": "BID",
"id": "15094"
},
{
"db": "PACKETSTORM",
"id": "40706"
},
{
"db": "NVD",
"id": "CVE-2005-3286"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-14495"
},
{
"db": "BID",
"id": "15094"
},
{
"db": "PACKETSTORM",
"id": "40706"
},
{
"db": "NVD",
"id": "CVE-2005-3286"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-10-23T00:00:00",
"db": "VULHUB",
"id": "VHN-14495"
},
{
"date": "2005-10-13T00:00:00",
"db": "BID",
"id": "15094"
},
{
"date": "2005-10-14T22:19:03",
"db": "PACKETSTORM",
"id": "40706"
},
{
"date": "2005-10-23T10:02:00",
"db": "NVD",
"id": "CVE-2005-3286"
},
{
"date": "2005-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200510-180"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-14495"
},
{
"date": "2005-10-13T00:00:00",
"db": "BID",
"id": "15094"
},
{
"date": "2012-12-13T02:43:26.673000",
"db": "NVD",
"id": "CVE-2005-3286"
},
{
"date": "2012-12-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200510-180"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "15094"
},
{
"db": "PACKETSTORM",
"id": "40706"
},
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kerio Personal firewall and server firewall PEB lockout Denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200510-180"
}
],
"trust": 0.6
}
}
FKIE_CVE-2005-3286
Vulnerability from fkie_nvd - Published: 2005-10-23 10:02 - Updated: 2025-04-03 01:03
Severity ?
Summary
The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the "PEB lockout vulnerability."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kerio | personal_firewall | 4.2 | |
| kerio | serverfirewall | 1.1.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kerio:personal_firewall:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6682610C-1564-48E3-A364-76B6F5369F02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:serverfirewall:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F8E562F-0F18-4D4A-87D4-C8CE55C085ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the \"PEB lockout vulnerability.\""
}
],
"id": "CVE-2005-3286",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-23T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/037958.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/bugtraq/2005/Oct/166"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17155"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/78"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.kerio.com/security_advisory.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/19961"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15094"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/037958.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/bugtraq/2005/Oct/166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/78"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.kerio.com/security_advisory.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/19961"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15094"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-1023
Vulnerability from fkie_nvd - Published: 2005-01-10 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kerio | kerio_mailserver | 6.0.0 | |
| kerio | kerio_mailserver | 6.0.1 | |
| kerio | kerio_mailserver | 6.0.2 | |
| kerio | kerio_mailserver | 6.0.3 | |
| kerio | kerio_mailserver | 6.0.4 | |
| kerio | serverfirewall | 1.0.0 | |
| kerio | winroute_firewall | 6.0.0 | |
| kerio | winroute_firewall | 6.0.1 | |
| kerio | winroute_firewall | 6.0.2 | |
| kerio | winroute_firewall | 6.0.3 | |
| kerio | winroute_firewall | 6.0.4 | |
| kerio | winroute_firewall | 6.0.5 | |
| kerio | winroute_firewall | 6.0.6 | |
| kerio | winroute_firewall | 6.0.7 | |
| kerio | winroute_firewall | 6.0.8 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FA7CEE3-7D36-4F9D-8AC6-3F4C55D360CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "937A6092-48C9-4721-B069-0B46D3520E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F38A0AAC-ACA8-44D3-B36A-741D01BE166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AE0CAA-B5A4-4E3A-B997-A2858E88CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E9AC0D46-2096-4006-8FED-A67AFCE2ED98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:serverfirewall:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38642D5D-7875-4D1D-9F99-3E101FC00964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE72890F-2421-4A6B-A8F1-4325F824A93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE079B94-A8C6-41E7-98B1-29A4DE4F66EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94AC89E5-8B9C-4C6B-8976-6A4A6F922858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B99A154-D3C6-4B1C-BEC9-7D1AEAFCAC41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0ADAAD5F-3286-464E-A309-9454EE9A663F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1437DE-E19A-4C2C-9077-DB1FF48772C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0089BE-856D-4998-BBFE-1F626A43377E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CE81F49-05CE-4987-90C0-B6D077B65DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "650E19BC-6545-45E9-BE2B-0900323C80C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration."
},
{
"lang": "es",
"value": "Kerio Winroute Firewall anteriores a 6.0.9, Server Firewall anteriores a 1.0.1, y MailServer anteriores a 6.0.5, cuando se instala en sistemas basados en Windows, no modifica las listas de control de acceso (ACL) de ficheros cr\u00edticos, lo que permite a usuarios locales con privilegios de \"Usuarios Avanzados\" modificar programas, instalar DLLs maliciosas en la carpeta de plug-ins y modificar ficheros XML relacionados con la configuraci\u00f3n."
}
],
"id": "CVE-2004-1023",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110305387813002\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18471"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110305387813002\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18471"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-1022
Vulnerability from fkie_nvd - Published: 2005-01-10 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B7D26DCD-85B0-4908-A414-119862437C28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B58BAF1-CF68-4F8C-8BCD-FF3C015FE72A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0B9C9084-B518-44F2-9F65-032A644FEC61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F55CFA68-E07E-46CE-87F6-00AE9A268CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "58ECCE69-EAB9-427E-8922-F463E184C9F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "20E50A0F-7AFF-4F17-8833-839DDBD538C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9063B23B-E585-41E4-98FF-DF18602C6E6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6CB993B9-0CF5-4E71-A612-F3033F4F202B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B079207-FAF3-4FE2-B420-342440958C48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8A82C0BC-50D5-4FAC-A654-387B49CB7047",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9BC1748E-32F0-4144-A597-89E8B8705FFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "39C92F3B-23E3-4978-89AA-FC17B8EDF580",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7B1FA201-CBCF-4D61-9848-F661A16EBEF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2154DF-2306-4E8B-B78A-1BF20E697157",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "79C4389A-4BF4-4C38-8FF5-72B92548EFB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "67230E76-2C30-4038-BC5B-BAC02EDDFAC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:5.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FAEA1EB3-5F4F-40D6-833C-225AC348760D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EC515E75-119E-4CB9-985E-00E6A9349178",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "937A6092-48C9-4721-B069-0B46D3520E36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F38A0AAC-ACA8-44D3-B36A-741D01BE166F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "08AE0CAA-B5A4-4E3A-B997-A2858E88CCC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:kerio_mailserver:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E9AC0D46-2096-4006-8FED-A67AFCE2ED98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:serverfirewall:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CB482850-6F0E-484A-B7CA-B8CBCBDBBC8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E6E5A18A-572A-4914-8AC7-AEF02C760574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2B5158D0-ED2B-4716-8A81-385562566A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F53C7737-404A-4EB3-9A1B-0091116D8CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C4A47DCB-50D3-4CC0-874C-39FF8D09B2EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FE437407-E9D3-41A7-B5BF-62CD861B3830",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "810364F5-B6FA-47A2-A5DE-F886CEF1ED70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FEE280A4-C218-4D2F-88E3-718F19F0E4B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A591237E-DBA8-42F3-B4A2-BFD537AE0A20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC5DAFA-24B9-4C5D-8F7B-9DDDDFAA2342",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E56C041A-5D92-4B7F-9962-A083E883EA8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7223D79B-F096-4265-8D80-F5A41E5A1B1E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9F17CE-B48E-45A2-BFC9-0D27AF032F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7D33CD1F-105E-43CC-B135-76E0AC8CACD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "95F501CC-BD8E-460F-9251-B492C979676E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B84BE69E-9760-4ABE-A8C6-C96AD4ACB56A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "BD36E240-FDBB-4EB8-B2C2-7B59715EEDF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD7AF9A-54CD-4D15-9D41-D740CC48FF1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C6D7D55B-887B-479D-9067-0CE457C25561",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "705BC91B-4583-418D-BF68-B219BC04EB42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "9E1D191B-ACAF-4871-B553-A55F99827EF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7727351-0ED7-45DD-82DE-0FEE92699927",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "563E83E1-74C0-4312-A5C5-0223ADE55F65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EE079B94-A8C6-41E7-98B1-29A4DE4F66EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94AC89E5-8B9C-4C6B-8976-6A4A6F922858",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B99A154-D3C6-4B1C-BEC9-7D1AEAFCAC41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0ADAAD5F-3286-464E-A309-9454EE9A663F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BE1437DE-E19A-4C2C-9077-DB1FF48772C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D0089BE-856D-4998-BBFE-1F626A43377E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CE81F49-05CE-4987-90C0-B6D077B65DD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kerio:winroute_firewall:6.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "650E19BC-6545-45E9-BE2B-0900323C80C1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software."
},
{
"lang": "es",
"value": "Kerio Winroute Firewall anteriores a 6.0.7, ServerFirewall anteriores a 1.0.1, y MailServer anteriores a 6.0.5 usan cifrado sim\u00e9trico para contrase\u00f1as de usuario, lo que permite a atacantes descifrar la base de datos de usuarios y obtener las contrase\u00f1as extrayendo la clave secreta del software."
}
],
"id": "CVE-2004-1022",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-01-10T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110304957607578\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110304957607578\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18470"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2005-3286 (GCVE-0-2005-3286)
Vulnerability from cvelistv5 – Published: 2005-10-23 04:00 – Updated: 2024-08-07 23:10
VLAI?
Summary
The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the "PEB lockout vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:07.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "78",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/78"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt"
},
{
"name": "15094",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15094"
},
{
"name": "19961",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kerio.com/security_advisory.html"
},
{
"name": "17155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17155"
},
{
"name": "20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2005/Oct/166"
},
{
"name": "20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/037958.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the \"PEB lockout vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-04T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "78",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/78"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt"
},
{
"name": "15094",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15094"
},
{
"name": "19961",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kerio.com/security_advisory.html"
},
{
"name": "17155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17155"
},
{
"name": "20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2005/Oct/166"
},
{
"name": "20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/037958.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the \"PEB lockout vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "78",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/78"
},
{
"name": "http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt",
"refsource": "MISC",
"url": "http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt"
},
{
"name": "15094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15094"
},
{
"name": "19961",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19961"
},
{
"name": "http://www.kerio.com/security_advisory.html",
"refsource": "CONFIRM",
"url": "http://www.kerio.com/security_advisory.html"
},
{
"name": "17155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17155"
},
{
"name": "20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2005/Oct/166"
},
{
"name": "20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/037958.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3286",
"datePublished": "2005-10-23T04:00:00",
"dateReserved": "2005-10-23T00:00:00",
"dateUpdated": "2024-08-07T23:10:07.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1022 (GCVE-0-2004-1022)
Vulnerability from cvelistv5 – Published: 2004-12-15 05:00 – Updated: 2024-08-08 00:38
VLAI?
Summary
Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:38:59.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041214 [CAN-2004-1022] Insecure Credential Storage on Kerio Software",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110304957607578\u0026w=2"
},
{
"name": "kerio-weak-encryption(18470)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041214 [CAN-2004-1022] Insecure Credential Storage on Kerio Software",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110304957607578\u0026w=2"
},
{
"name": "kerio-weak-encryption(18470)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041214 [CAN-2004-1022] Insecure Credential Storage on Kerio Software",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110304957607578\u0026w=2"
},
{
"name": "kerio-weak-encryption(18470)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1022",
"datePublished": "2004-12-15T05:00:00",
"dateReserved": "2004-11-05T00:00:00",
"dateUpdated": "2024-08-08T00:38:59.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1023 (GCVE-0-2004-1023)
Vulnerability from cvelistv5 – Published: 2004-12-15 05:00 – Updated: 2024-08-08 00:39
VLAI?
Summary
Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "kerio-insecure-permissions(18471)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18471"
},
{
"name": "20041214 [CAN-2004-1023] Insecure default file system permissions on Microsoft versions of Kerio Software",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110305387813002\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "kerio-insecure-permissions(18471)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18471"
},
{
"name": "20041214 [CAN-2004-1023] Insecure default file system permissions on Microsoft versions of Kerio Software",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110305387813002\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "kerio-insecure-permissions(18471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18471"
},
{
"name": "20041214 [CAN-2004-1023] Insecure default file system permissions on Microsoft versions of Kerio Software",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110305387813002\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1023",
"datePublished": "2004-12-15T05:00:00",
"dateReserved": "2004-11-05T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-3286 (GCVE-0-2005-3286)
Vulnerability from nvd – Published: 2005-10-23 04:00 – Updated: 2024-08-07 23:10
VLAI?
Summary
The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the "PEB lockout vulnerability."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:07.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "78",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/78"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt"
},
{
"name": "15094",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15094"
},
{
"name": "19961",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19961"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kerio.com/security_advisory.html"
},
{
"name": "17155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17155"
},
{
"name": "20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2005/Oct/166"
},
{
"name": "20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/037958.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the \"PEB lockout vulnerability.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-04-04T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "78",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/78"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt"
},
{
"name": "15094",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15094"
},
{
"name": "19961",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19961"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kerio.com/security_advisory.html"
},
{
"name": "17155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17155"
},
{
"name": "20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2005/Oct/166"
},
{
"name": "20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/037958.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall 1.1.1 allows local users to cause a denial of service (crash) by setting the PAGE_NOACCESS or PAGE_GUARD protection on the Page Environment Block (PEB), which triggers an exception, aka the \"PEB lockout vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "78",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/78"
},
{
"name": "http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt",
"refsource": "MISC",
"url": "http://pb.specialised.info/all/adv/kerio-fwdrv-dos-adv.txt"
},
{
"name": "15094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15094"
},
{
"name": "19961",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19961"
},
{
"name": "http://www.kerio.com/security_advisory.html",
"refsource": "CONFIRM",
"url": "http://www.kerio.com/security_advisory.html"
},
{
"name": "17155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17155"
},
{
"name": "20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2005/Oct/166"
},
{
"name": "20051013 Kerio Personal Firewall and Kerio Server Firewall FWDRV driver Local Denial of Service",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/037958.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3286",
"datePublished": "2005-10-23T04:00:00",
"dateReserved": "2005-10-23T00:00:00",
"dateUpdated": "2024-08-07T23:10:07.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1022 (GCVE-0-2004-1022)
Vulnerability from nvd – Published: 2004-12-15 05:00 – Updated: 2024-08-08 00:38
VLAI?
Summary
Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:38:59.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041214 [CAN-2004-1022] Insecure Credential Storage on Kerio Software",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110304957607578\u0026w=2"
},
{
"name": "kerio-weak-encryption(18470)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18470"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041214 [CAN-2004-1022] Insecure Credential Storage on Kerio Software",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110304957607578\u0026w=2"
},
{
"name": "kerio-weak-encryption(18470)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18470"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041214 [CAN-2004-1022] Insecure Credential Storage on Kerio Software",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110304957607578\u0026w=2"
},
{
"name": "kerio-weak-encryption(18470)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18470"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1022",
"datePublished": "2004-12-15T05:00:00",
"dateReserved": "2004-11-05T00:00:00",
"dateUpdated": "2024-08-08T00:38:59.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1023 (GCVE-0-2004-1023)
Vulnerability from nvd – Published: 2004-12-15 05:00 – Updated: 2024-08-08 00:39
VLAI?
Summary
Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:39:00.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "kerio-insecure-permissions(18471)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18471"
},
{
"name": "20041214 [CAN-2004-1023] Insecure default file system permissions on Microsoft versions of Kerio Software",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110305387813002\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "kerio-insecure-permissions(18471)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18471"
},
{
"name": "20041214 [CAN-2004-1023] Insecure default file system permissions on Microsoft versions of Kerio Software",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110305387813002\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "kerio-insecure-permissions(18471)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18471"
},
{
"name": "20041214 [CAN-2004-1023] Insecure default file system permissions on Microsoft versions of Kerio Software",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110305387813002\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1023",
"datePublished": "2004-12-15T05:00:00",
"dateReserved": "2004-11-05T00:00:00",
"dateUpdated": "2024-08-08T00:39:00.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}