Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Operator » The "Shellshock" vulnerability
  •  
Vladimir Toncar (Kerio)

Messages: 1696
Karma: 39
Send a private message to this user
Hi,

This is an information about how the Shellshock vulnerability (CVE-2014-6271 and CVE-2014-7169) affects Kerio Operator.

Operator versions up to 2.3.2 are using the affected Bash (Bourne-Again Shell) internally. The vulnerability could be exploited by an attacker if the Operator's built-in DHCP server is enabled. Since DHCP is used in local networks, this requires that the attacker already has access to your LAN (which is very unlikely I hope).

Kerio will release a patched version of Operator early next week.

Meanwhile, this is what you can do:
* If you are using Operator's built-in DHCP server, check that it is not enabled on network interfaces directly connected to the public Internet. (You most likely have this right but better be careful.)

For information about other Kerio's products, see http://tinyurl.com/KerioShellShock

Vladimir

[Updated on: Wed, 15 October 2014 14:48]

Previous Topic: welcome message
Next Topic: Kerio Operator 2.3.2 Patch 1 ("Shellshock" fix)
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Tue Feb 21 17:32:43 CET 2017

Total time taken to generate the page: 0.01686 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.