
Kerio Control vulnerable ? Stack Clash ? (https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash)
  •  
areichmann

I will open a ticket and give you updates!
https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash

Thanks for the info @columbia

[Updated on: Sat, 24 June 2017 09:11]

  •  
Columbia

They waited! Users find bugs and vulnerabilities in the product. Waiting for an urgent response from the developers! When will the fix be available?
  •  
Columbia

Need any reaction or answer from Kerio support!
  •  
Heather P (Kerio)

Thanks for posting on this topic. GFI Software have been paying attention to the Stack Clash vulnerability. I didn't see any updates here yet, so I can provide you a summary of our findings.

This is a vulnerability that could potentially affect products like Kerio's products that run on a Linux server. However, to exploit the vulnerability, it would require that an attacker finds a way to execute code to run on the Linux server itself. If an attacker found a way to do this, it could be an issue. However, the blocker for hackers doing this is finding a way to get that code on the Linux server, which they should not be able to do.

For servers / workstations that run code from different / multiple users, it is more of a risk. Other users could either be malicious themselves, or give away access to the server to others intentionally or unknowingly.

Our assessment of the Stack Clash vulnerability for Kerio products is that it is low risk, but high impact. Due to the high impact, we are taking action and will ensure we build our products using the recommended safeguards to ensure that all memory areas being used by our applications are protected with safeguards to ensure that, under no circumstances, could there be this type of clash. Each product will have this protection added in the next release.

Heather Paunet
VP, Product Marketing
