Kerio User Forums » Kerio Connect » Vulnerability
  •  
sedell

From sans.org @RISK newsletter:

05.20.21 CVE: CAN-2005-1138
Platform: Cross Platform
Title: Kerio MailServer Multiple Denial of Service Vulnerabilities
Description: Kerio MailServer is vulnerable to multiple denial of
service issues because the application does not handle exceptional
conditions when processing certain e-mail messages. Kerio MailServer versions 6.0.9 and earlier are vulnerable.
Ref: http://www.kerio.com/kms_history.html

Why doesn't Kerio notify us about things like this instead of having us find out about it elsewhere? I've yet to see something like this posted in their newsletter.

Scott
  •  
pwhodges

Many of these vulnerabilities are highly theoretical, and being notified of every one would be a waste of our time.

Paul
  •  
peterj

pwhodges - do you work for Kerio or something?
  •  
pwhodges

peterj wrote on Fri, 20 May 2005 15:56

pwhodges - do you work for Kerio or something?

! Not at all. I spend my time dealing with issues and vulnerabilities that do affect my systems, or look likely to, and take a view on those which are currently theoretical. As a general rule I keep software fully updated, as the lesser evil (of the choice between fixing old issues and introducing new ones), so being told about things that are already fixed is of marginal interest to me.

I don't run Kerio at work, but at home, where I provide mail services for a number of family and friends, some of whom are intensive users and also rely on webmail a lot of the time. So I was as irritated as anyone when Kerio 6 introduced webmail that was slow and clunky, and didn't work with (a) the browser I use (Opera), and (b) Internet facilities in many German railway stations (webmail is about travelling, right?), which is why I had to put SquirrelMail up straight away. As my users had started using the Kerio webmail again recently, as it had improved so much, it was irritating when the new default setup of HTTP compression in 6.0.9 broke their IE usage /again/. Hopefully the simple webmail option in 6.1 will resolve these issues finally, but I'm not sure whether to brave the beta (I often do, but...)

At work I look after an Exchange system; I specified this on the back of a requirement to use Outlook (to replace an existing GroupWise system), and as more than half of my users are using laptops and so require effective caching /and/ out-of-office updating (using RPC over HTTPS), I didn't (and still wouldn't) even consider using anything other than Exchange for this role (the educational pricing also makes a big difference!). The things I have mentioned work brilliantly in the Exchange/Outlook combination, but I have a lot of trouble with it refusing to send mail from people's alternative addresses (the people I provide services for each have three, sometimes more, as a consequence of their project's nature and the university's policy on email addresses), or when people are acting as delegates. When I raised a paid support issue with MS recently, I was very disappointed at the quality of the response - certainly I have found Kerio better. It's also a (minor) pain to have to run add-ons to do basic things like defining catch-all mailboxes, or putting sent mail in the right place when sending as a delegate.

I don't mean to suggest that there are not things that Kerio ought to do better, but that a sense of perspective is useful. When certain problems are show-stoppers, it is easy to pile lots of other issues into the pot, and lose sight of the possibility that they are actually far less important.

Paul
  •  
peterj


The 'showstopper' for me has always been the promised offline caching & I have never suggested otherwise.

Still it seems to make no difference