CVE Vulnerabilities

CVE-2004-1023

Published: Jan 10, 2005 | Modified: Jul 11, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration.

Affected Software

Name Vendor Start Version End Version
Kerio_mailserver Kerio 6.0.0 (including) 6.0.0 (including)
Kerio_mailserver Kerio 6.0.1 (including) 6.0.1 (including)
Kerio_mailserver Kerio 6.0.2 (including) 6.0.2 (including)
Kerio_mailserver Kerio 6.0.3 (including) 6.0.3 (including)
Kerio_mailserver Kerio 6.0.4 (including) 6.0.4 (including)
Serverfirewall Kerio 1.0.0 (including) 1.0.0 (including)
Winroute_firewall Kerio 6.0.0 (including) 6.0.0 (including)
Winroute_firewall Kerio 6.0.1 (including) 6.0.1 (including)
Winroute_firewall Kerio 6.0.2 (including) 6.0.2 (including)
Winroute_firewall Kerio 6.0.3 (including) 6.0.3 (including)
Winroute_firewall Kerio 6.0.4 (including) 6.0.4 (including)
Winroute_firewall Kerio 6.0.5 (including) 6.0.5 (including)
Winroute_firewall Kerio 6.0.6 (including) 6.0.6 (including)
Winroute_firewall Kerio 6.0.7 (including) 6.0.7 (including)
Winroute_firewall Kerio 6.0.8 (including) 6.0.8 (including)

References