Kerio Control vulnerable ? Stack Clash ? (https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash)
  •  
areichmann

Messages: 83
Karma: 4
I will open a ticket and give you updates!
https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash

thanks for info @columbia

[Updated on: Sat, 24 June 2017 09:11]

  •  
Columbia

Messages: 31
Karma: 1
They waited! Users find bugs and vulnerabilities in the product. Waiting for an urgent response from the developers! When will the fix come?
  •  
Columbia

Messages: 31
Karma: 1
Need any reaction or answer from Kerio support!
  •  
Heather P (Kerio)

Messages: 55
Karma: 2
Thanks for posting on this topic. GFI Software have been paying attention to the Stack Clash vulnerability. I didn't see any updates here yet, so I can provide you a summary of our findings.

This is a vulnerability that could potentially affect products like Kerio's products that run on a Linux server. However, to exploit the vulnerability, it would require that an attacker finds a way to execute code to run on the Linux server itself. If an attacker found a way to do this, it could be an issue. However, the blocker for hackers doing this is finding a way to get that code on the Linux server, which they should not be able to do.

For servers / workstations that run code from different / multiple users, it is more of a risk. Other users could either be malicious themselves, or give away access to the server to others intentionally or unknowingly.

Our assessment of the Stack Clash vulnerability for Kerio products is that it is low risk, but high impact. Due to the high impact, we are taking action and will ensure we build our products using the recommended safeguards to ensure that all memory areas being used by our applications are protected with safeguards to ensure that under no circumstances could there be this type of clash. Each product will have this protection added in the next release.

Heather Paunet
VP, Product Marketing

  •  
Columbia

Messages: 31
Karma: 1
When will Kerio developers publish the next release of Kerio Control? Since the last version 9.2.2 more than 4 months have passed! Web administration works badly in web browsers (Google Chrome, IE 11) because of changes in web engines. And so on...
  •  
areichmann

Messages: 83
Karma: 4
Getting the same e-mail every week from support since the end of June.

Quote:
I apologize for the delay in resolving your issue, our development team is still investigating this. As soon as I have any further updates from them I will let you know.
  •  
Heather P (Kerio)

Messages: 55
Karma: 2
Hi, an update on what's coming with Kerio Control ....

We do have a 9.2.3 release planned for later this month which is a quality release. We'll make an announcement and let you know the changelog for that as we get to the release.


Heather Paunet
VP, Product Marketing

  •  
areichmann

Messages: 83
Karma: 4
Hi Heather,

no fix in 9.2.3 !?!
  •  
Columbia

Messages: 31
Karma: 1
I haven't found any info about this vulnerability in the release of 9.2.3. I only see a lot of new bugs in this version.
http://www.kerio.ru/support/kerio-control/release-history/
http://forums.kerio.com/t/32842//
  •  
areichmann

Messages: 83
Karma: 4
Last response from Support today

Quote:
Dear ,

I apologize for the delay in resolving your issue, our development team is still investigating this. As soon as I have any further updates from them I will let you know.

In the meantime should you have any queries please do not hesitate to contact me.

GFI Technical Support
  •  
Columbia

Messages: 31
Karma: 1
Areichmann, please ask the support team a question about stability in the last update of Kerio Control, 9.2.3.
  •  
Columbia

Messages: 31
Karma: 1
What about stability in 9.2.3?

Current Time: Tue Sep 26 16:26:04 CEST 2017
