Insecure Default File System Permissions in Microsoft Versions of Kerio Software
16 Dec. 2004
Summary
As a result of their collaboration, the Secure Computer Group (SCG) and dotpi.com Research Labs have identified the following security issue in some Kerio software.
Kerio WinRoute Firewall, Kerio ServerFirewall and Kerio MailServer are installed by default under the 'Program Files' system folder. The installation process makes no change to the ACLs. As a result, anyone belonging to the 'Power Users' system group would be able to modify the binary files of services running as LOCALSYSTEM, drop malicious DLLs in the plug-ins folder, or make any change to the XML files where the service settings are stored.
System administrators should enforce ACL security settings in order to solve this problem. It is also highly recommended to verify these settings as part of the planning, installation, hardening and auditing processes.
New versions of the software solve this and other minor problems, so upgrading is highly recommended.
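One way to carry out the ACL verification recommended above, as an added PowerShell example that is not part of the original advisory: it walks an install folder and reports every Allow entry that gives 'Power Users' write, delete or permission-change rights. The install path is a placeholder and the function name is hypothetical; the advisory does not list the exact folder names.

```powershell
# Added example (not from the advisory): list ACEs that let Power Users alter files.
param(
    # Hypothetical placeholder; replace with the real product install folder.
    [string]$InstallPath = "$env:ProgramFiles\<Kerio product folder>"
)

$PowerUsersSid = 'S-1-5-32-547'   # well-known SID of BUILTIN\Power Users

# Rights that permit changing file content, creating files in a folder,
# deleting or replacing files, or rewriting the ACL itself.
$writeMask = 0x10000000 -bor 0x40000000   # GENERIC_ALL, GENERIC_WRITE
foreach ($name in 'WriteData', 'AppendData', 'Delete', 'DeleteSubdirectoriesAndFiles',
                  'ChangePermissions', 'TakeOwnership') {
    $writeMask = $writeMask -bor [int][System.Security.AccessControl.FileSystemRights]$name
}

function Get-PowerUsersWriteAce {
    param([Parameter(Mandatory)][string]$Path)

    # Include the root folder itself, then everything beneath it.
    $items = @(Get-Item -LiteralPath $Path -Force) +
             @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        try   { $acl = Get-Acl -LiteralPath $item.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($item.FullName)"; continue }

        # Resolve identities as SIDs so the check does not depend on the OS language.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            $grantsWrite = (([int]$rule.FileSystemRights) -band $writeMask) -ne 0
            if ($rule.AccessControlType -eq 'Allow' -and
                $rule.IdentityReference.Value -eq $PowerUsersSid -and $grantsWrite) {
                [pscustomobject]@{
                    Path      = $item.FullName
                    Rights    = $rule.FileSystemRights
                    Inherited = $rule.IsInherited
                }
            }
        }
    }
}

Get-PowerUsersWriteAce -Path $InstallPath | Format-Table -AutoSize -Wrap
```

Entries reported with `Inherited` set to `True` come from a parent folder's ACL, so they have to be corrected there or by disabling inheritance on the install folder.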
Vulnerable Systems:
* Kerio WinRoute Firewall version 6.0.8 and prior
* Kerio ServerFirewall version 1.0.0 and prior
* Kerio MailServer version 6.0.4 and prior
Immune Systems:
* Kerio WinRoute Firewall version 6.0.9
* Kerio ServerFirewall version 1.0.1
* Kerio MailServer version 6.0.5