Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Kerio Connect and Bash vulnerability (ShellShock) (Details about CVE-2014-6271 and CVE-2014-7169 and their impact on Kerio Connect)
  •  
Pavel Dobry (Kerio)

Messages: 5186
Karma: 245
Send a private message to this user
The shellshock vulnerability (aka CVE-2014-6271 and CVE-2014-7169) is a security bug affecting Unix-like operating systems through the bash shell. Many Linux distributions, and Mac OS X include the affected GNU Bash version. An attacker can exploit the vulnerability via remote shell access, or through any application that may execute bash scripts. The vulnerability could allow a remote attacker to execute arbitrary code.

Details about this vulnerability and its impact on Kerio products can be found at http://tinyurl.com/KerioShellShock

[Updated on: Tue, 17 November 2015 17:31]


Knowledge Base: http://kb.kerio.com/.
Technical support: http://www.kerio.com/support
------------------
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
neilticktin

Messages: 27
Karma: -2
Send a private message to this user
It appears there's now a SMTP version of Shellshock. See article at:
http://www.zdnet.com/shellshock-attacks-mail-servers-7000035 094/?s_cid=e589&ttag=e589&ftag=TREc64629f

Do we expect this is an issue that will affect Kerio?
  •  
Pavel Dobry (Kerio)

Messages: 5186
Karma: 245
Send a private message to this user
Kerio Connect does not run ANY process with user-supplied data. So by design it is not vulnerable to Shellshock.
We only updated underlying Linux system in our virtual appliance in case that the customer is running other non-Kerio services there.

Knowledge Base: http://kb.kerio.com/.
Technical support: http://www.kerio.com/support
------------------
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
neilticktin

Messages: 27
Karma: -2
Send a private message to this user
Excellent. Thanks for the confirmation!
Previous Topic: cross platform calendar aharing problem
Next Topic: Public Folder / Calendar not visible from other domain on same server
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Mar 27 18:25:37 CEST 2017

Total time taken to generate the page: 0.00909 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.