As a result of their collaboration, the Secure Computer Group (SCG) and dotpi.com Research Labs have identified the following security issue in some Kerio software.
Kerio WinRoute Firewall, Kerio ServerFirewall and Kerio MailServer are installed by default under the 'Program Files' system folder. No change is made to the ACLs after the installation process. As a result, anyone belonging to the 'Power Users' system group would be able to modify binary files of services running as LOCALSYSTEM, drop malicious DLLs into the plug-ins folder or make any change to the XML files where the service settings are stored.
System administrators should enforce ACL security settings in order to solve this problem. It is also highly recommended to verify these settings as part of the planning, installation, hardening and auditing processes.
New versions of the software solve this and other minor problems, so upgrading is highly recommended.
Credit:
The information has been provided by Secure Computer Group.
The original article can be found at: http://research.tic.udc.es/scg/advisories/20041214-2.txt
Vulnerable Systems:
* Kerio WinRoute Firewall version 6.0.8 and prior
* Kerio ServerFirewall version 1.0.0 and prior
* Kerio MailServer version 6.0.4 and prior
Immune Systems:
* Kerio WinRoute Firewall version 6.0.9
* Kerio ServerFirewall version 1.0.1
* Kerio MailServer version 6.0.5
CVE Information:
CAN-2004-1023
Solutions and recommendations:
Enforce the file system ACLs and/or upgrade to the latest versions:
* Kerio WinRoute Firewall 6.0.9
* Kerio ServerFirewall 1.0.1
* Kerio MailServer 6.0.5
As in any other case, follow industry best practices for the planning, deployment and operation of this kind of service as far as possible.
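
One way to verify the ACLs as recommended above, as an added example that is not part of the original advisory: a PowerShell audit that lists every allow ACE under an install folder granting write-type rights to principals outside a trusted baseline, and marks those held by Power Users. The `-InstallPath` value is supplied by the operator (the advisory does not name the exact folders), and the trusted-SID baseline is an assumption to adjust per host.

```powershell
# Added example: audit an install tree for write-capable ACEs.
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallPath    # operator-supplied; the advisory names no exact folder
)

# Well-known SIDs expected to hold write access (assumed baseline, adjust per host).
$trusted = @(
    'S-1-5-18',      # LOCAL SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0'        # CREATOR OWNER (inherit-only placeholder ACE)
)
$powerUsers = 'S-1-5-32-547'   # BUILTIN\Power Users, the group named in the advisory

# Rights that allow changing binaries, DLLs or XML settings, plus the raw
# GENERIC_WRITE / GENERIC_ALL bits that inherit-only ACEs may carry.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$writeMask = $writeMask -bor 0x40000000 -bor 0x10000000

$items = @(Get-Item -LiteralPath $InstallPath -Force) +
         @(Get-ChildItem -LiteralPath $InstallPath -Recurse -Force)

$findings = foreach ($item in $items) {
    foreach ($ace in (Get-Acl -LiteralPath $item.FullName).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolvable account: report as-is
        }
        if ($trusted -contains $sid) { continue }
        [pscustomobject]@{
            Path       = $item.FullName
            Identity   = $ace.IdentityReference.Value
            PowerUsers = ($sid -eq $powerUsers)
            Rights     = $ace.FileSystemRights
            Inherited  = $ace.IsInherited
        }
    }
}

$findings | Sort-Object Path, Identity | Format-Table -AutoSize -Wrap
```

An empty result means only the baseline principals can modify the tree; any row with `PowerUsers` set to `True` corresponds to the condition the advisory describes.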