Kerio Mail Server Security

rhunter

We currently use Exchange at work and I've been looking at Kerio for some time. Notwithstanding the problems that have appeared in KMS 6, it does have some antispam features that are interesting compared to Exchange.

I recently started worrying about the vulnerability of Exchange to hackers so I found a program called N-Stealth (www.nstalker.com) which you can run against a server through port 80 or 443 to check for vulnerabilities. The free version claims to check for 20,000 vulnerabilities. I ran its Top 10 scan - which scanned for about 240 vulnerabilities - against Exchange and it found one vulnerability. I ran it against KMS 5.7.10 and it found over 200. I don't have KMS 6 set up at the moment to test it. I ran the full scan and it reported a LOT of vulnerabilities with KMS. Has anyone else ever tried this? Is this for real? Is this N-Stealth program any good or is this all bogus?

Thanks,

Russ
  •  
mdhmi


Can you post some of the output from your scan? It's possible N-Stealth returned a number of false positives. You might want to start scanning at a lower port number so N-Stealth can check for mail (25), ftp (21), ssh (22), telnet (23), etc.

Cheers,

Mark
  •  
johbar

I ran the program called N-Stalker on Kerio 6.0.4 and these are the results:

Hostname (URL): http://<<REMOVED>>
Server: Kerio MailServer 6.0.4
Date: Tue Nov 30 18:28:11 2004
Scanning Time 156 second(s)
Scanning Method: Standard Scan/Top 20
Number of Security Checks: 20213
Total Scanned Signatures: 20213
Total Vulnerabilities Found: 0

Looks like they have been removed in the later version.

Mother is the name for God on the lips and hearts of all children
  •  
jshaw541

As someone else in this thread mentioned, false positives are quite common with vulnerability scanners. They should be used more as an auditing guide rather than THE law or a definitive answer.

I would need to see the program's output to provide any sort of educated insights into the results you got.

Oftentimes, these scanners try a variety of program-specific exploits on a port. In some cases, if an Exchange exploit doesn't give the desired output when scanning a KMS port, the scanner will mark it as a vulnerability.

It's also entirely possible that all the vulnerabilities are legit. Perhaps this program keeps a catalog of Kerio-specific exploits. Perhaps an exploit for Mail Package X would also affect KMS, because they use the same version of OpenSSL, and thus have the same vulnerabilities, for example.

Kerio's software appears to be higher quality than the norm, luckily.

Kerio MailServer 6.7.1 w/AD
Windows Server 2003 SP 1
Dell PowerEdge 2850 (Dual Xeon 3.2ghz and 2 GB RAM)
~1300 users
~1000+ concurrent IMAPS connections
iPhone users
Outlook 2007 KOFF users
Apple iCal 10.5/10.6 users
  •  
rhunter

I re-ran it against 6.04 and got no vulnerabilities. I went back and scanned 5.7.10 again and got the following with the Top 10 scan. I also listed some of the vulnerabilities N-Stealth reported - right or wrong. Whether false or not, they obviously changed in KMS 6 such that it isn't triggered.


Hostname (URL):
Server: (null)
Date: Tue Nov 30 18:03:12 2004
Scanning Time 4 second(s)
Scanning Method: Top 10 Scan
Number of Security Checks: 212
Total Scanned Signatures: 212
Total Vulnerabilities Found: 204

CGI Security Hole in EWS1.1 Vulnerability
Risk Level: High
Bugtraq ID: 2248
CVE ID: CVE-1999-0279
Location: http://architext_query.pl
Vulnerability details and fix recommendations are available on commercial version.

--------------------------------------------------------------------------------
OReilly WebSite 1.x/2.0 win-c-sample.exe Buffer Overflow Vulnerability
Risk Level: High
Bugtraq ID: 2078
CVE ID: CVE-1999-0178
Location: http://cgi-shl/win-c-sample.exe
Vulnerability details and fix recommendations are available on commercial version.

--------------------------------------------------------------------------------
CGI Security Hole in EWS1.1 Vulnerability
Risk Level: High
Bugtraq ID: 2248
CVE ID: CVE-1999-0279
Location: http://ews/architext_query.pl
Vulnerability details and fix recommendations are available on commercial version.

--------------------------------------------------------------------------------
CGI Security Hole in EWS1.1 Vulnerability
Risk Level: High
Bugtraq ID: 2248
CVE ID: CVE-1999-0279
Location: http://ews/ews/architext_query.pl
Vulnerability details and fix recommendations are available on commercial version.

--------------------------------------------------------------------------------
Hylafax Faxsurvey Remote Command Execution Vulnerability
Risk Level: High
Bugtraq ID: 2056
CVE ID: CVE-1999-0262
Location: http://faxsurvey
Vulnerability details and fix recommendations are available on commercial version.

--------------------------------------------------------------------------------
A vulnerability exists in the cgi-bin program 'handler', as included by Silicon Graphics in their Irix operating
Risk Level: High
Bugtraq ID: 380
CVE ID: CVE-1999-0148
Location: http://handler
Vulnerability details and fix recommendations are available on commercial version.

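The triage that the replies above call for (treat the scanner as an auditing guide and re-check its hits), worked through as an added example that is not part of the original thread and is not Kerio's or N-Stalker's code. It parses the Top 10 report excerpt posted above, groups the hits by CVE (the single EWS signature is counted three times at three paths), and re-tests each probed path against a canary path that cannot exist on any server. Two things are assumptions made for the example and are not stated on the page: that the scanner flags a CGI signature whenever the probe gets anything other than a 404, and the three simulated targets (`catch_all_server`, `strict_server`, `mixed_server`), which are offline stand-ins and not a description of how KMS 5.7.10 or 6.0.4 actually respond.

```python
import re
import secrets
from collections import Counter, defaultdict

# Findings copied from the Top 10 report posted above. The poster removed the
# hostname, so each Location is "http://" followed directly by the probed path.
REPORT = """\
CGI Security Hole in EWS1.1 Vulnerability
Risk Level: High
Bugtraq ID: 2248
CVE ID: CVE-1999-0279
Location: http://architext_query.pl
OReilly WebSite 1.x/2.0 win-c-sample.exe Buffer Overflow Vulnerability
Risk Level: High
Bugtraq ID: 2078
CVE ID: CVE-1999-0178
Location: http://cgi-shl/win-c-sample.exe
CGI Security Hole in EWS1.1 Vulnerability
Risk Level: High
Bugtraq ID: 2248
CVE ID: CVE-1999-0279
Location: http://ews/architext_query.pl
CGI Security Hole in EWS1.1 Vulnerability
Risk Level: High
Bugtraq ID: 2248
CVE ID: CVE-1999-0279
Location: http://ews/ews/architext_query.pl
Hylafax Faxsurvey Remote Command Execution Vulnerability
Risk Level: High
Bugtraq ID: 2056
CVE ID: CVE-1999-0262
Location: http://faxsurvey
A vulnerability exists in the cgi-bin program 'handler', as included by Silicon Graphics in their Irix operating
Risk Level: High
Bugtraq ID: 380
CVE ID: CVE-1999-0148
Location: http://handler
"""

# One finding = a title line followed by the four labelled lines the report uses.
FINDING_RE = re.compile(
    r"^(?P<title>[^\n]+)\nRisk Level: (?P<risk>\w+)\nBugtraq ID: (?P<bid>\d+)\n"
    r"CVE ID: (?P<cve>CVE-\d{4}-\d+)\nLocation: http://(?P<path>\S+)$",
    re.MULTILINE,
)

def parse_report(text):
    """Turn the scanner's plain-text report into a list of finding dicts."""
    return [dict(m.groupdict(), path="/" + m["path"])
            for m in FINDING_RE.finditer(text)]

def paths_by_cve(findings):
    """Group probed paths by CVE: one signature tried at several locations
    shows up as several 'vulnerabilities' in the raw total."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f["cve"]].append(f["path"])
    return dict(grouped)

# Offline stand-ins for a target (assumed behaviour for this example, not real
# Kerio builds): one answers 200 to every path, one serves two known paths,
# and one really does expose a /faxsurvey CGI.
def catch_all_server(path):
    return 200

def strict_server(path):
    return 200 if path in ("/", "/webmail") else 404

def mixed_server(path):
    return 200 if path in ("/", "/faxsurvey") else 404

def naive_scan(server, findings):
    """Signature scan as the thread describes it: flag a check whenever the
    probe does not come back 404, whatever software is actually listening."""
    return [f for f in findings if server(f["path"]) != 404]

def triage(server, findings):
    """Re-test each path against a canary that cannot exist. If the canary gets
    the same answer, the server answers every path and the finding says nothing
    about the CGI it names; a 200 that the canary does not get needs a human."""
    canary_status = server("/" + secrets.token_hex(8) + ".cgi")
    verdicts = {}
    for f in findings:
        status = server(f["path"])
        if status == 404:
            verdicts[f["path"]] = "absent"
        elif status == canary_status:
            verdicts[f["path"]] = "likely false positive"
        else:
            verdicts[f["path"]] = "verify manually"
    return verdicts

def summarize(verdicts):
    """Count verdicts, e.g. {'absent': 5, 'verify manually': 1}."""
    return dict(Counter(verdicts.values()))

if __name__ == "__main__":
    found = parse_report(REPORT)
    print(len(naive_scan(catch_all_server, found)), "raw hits on the catch-all target")
    for target in (catch_all_server, strict_server, mixed_server):
        print(target.__name__, summarize(triage(target, found)))
```

Against the catch-all target the naive rule flags all six checks, exactly the pattern of "204 of 212" in the report, while the canary check downgrades every one of them; against the strict target nothing is flagged at all; only the mixed target leaves a single hit that is worth a manual look. The canary is the cheap test to run before believing either a long list of hits or a clean report.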
  •  
jshaw541

Yeah, those all look like false positives. Interesting, nonetheless.

  •  
rhunter

I thought it was interesting also considering that if I run the standard scan there are a LOT of false positives - thousands of them...
  •  
johbar

I just want to add that I am running Linux KMS so that may add to the fact that it doesn't pick up certain Windows/Exchange exploits.

As for the ones that you did indeed find, they all are in fact false positives.

All the false errors could just be the company's way of trying to get you to buy the software.

BUT, I do suggest you watch the ports and network traffic if it is a live system as I believe in something, paranoia is a thing that I live with and respect on the Internet >;p

  •  
jshaw541

johbar wrote on Mon, 06 December 2004 23:37:
    All the false errors could just be the company's way of trying to get you to buy the software.

I would normally be inclined to agree, but the free project Nessus also suffers from this. I haven't looked at the Nessus source code to see what's actually going on under the hood, though.

Quote:
    BUT, I do suggest you watch the ports and network traffic if it is a live system as I believe in something, paranoia is a thing that I live with and respect on the Internet >;p

Wise words. Just because some program tells you you're "not vulnerable" doesn't mean you aren't.

