Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 2.1
CVE Id CVE-2004-1023
Last Modified 05 Sep 2008 04:40:07
Published 10 Jan 2005 12:00:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1023

Summary

Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows-based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration.

Vulnerable Systems

Application

  • Kerio Mailserver 6.0.0

  • Kerio Mailserver 6.0.1

  • Kerio Mailserver 6.0.2

  • Kerio Mailserver 6.0.3

  • Kerio Mailserver 6.0.4

  • Kerio Serverfirewall 1.0.0

  • Kerio Winroute Firewall 6.0.0

  • Kerio Winroute Firewall 6.0.1

  • Kerio Winroute Firewall 6.0.2

  • Kerio Winroute Firewall 6.0.3

  • Kerio Winroute Firewall 6.0.4

  • Kerio Winroute Firewall 6.0.5

  • Kerio Winroute Firewall 6.0.6

  • Kerio Winroute Firewall 6.0.7

  • Kerio Winroute Firewall 6.0.8


References

XF - kerio-insecure-permissions(18471)

BUGTRAQ - 20041214 [CAN-2004-1023] Insecure default file system permissions on Microsoft versions of Kerio Software


Last Updated: 27 May 2016 10:38:52