


Our Cyber Threat Intelligence team is monitoring different web sites, mailing lists, exploit markets and social media networks. The CTI Interest Score identifies the interest of attackers and the security community for this specific vulnerability in real-time. A high score indicates an elevated risk to be targeted for this vulnerability.

A vulnerability was found in GFI Kerio Connect 9.4.1 Patch 1. This vulnerability affects some unknown functionality of the file webmail/api/jsonrpc of the component 2FASetup. The manipulation of the argument primaryEMailAddress with an unknown input leads to a stack-based overflow vulnerability. The CWE definition for the vulnerability is CWE-121. A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). As an impact it is known to affect confidentiality, integrity, and availability.

CVE summarizes:

An issue was discovered in GFI Kerio Connect 9.4.1 patch 1 (fixed in 10.0.0). There is a stack-based Buffer Overflow in the webmail component's 2FASetup function via an authenticated request with a long primaryEMailAddress field to the webmail/api/jsonrpc URI.

This vulnerability was named CVE-2023-25267 since. Technical details are known, but there is no available exploit. Upgrading to version 10.0.0 eliminates this vulnerability. The upgrade is hosted for download at .

I'd searched high and low for an email server that wouldn't require me to be a full time administrator. Many, while free, took too much of my time away from other tasks in order to manage or study up on, and others were so expensive as to put them out of reach of mere mortals (ex: CGP). KMS was, for me at least, approachable and easy enough to understand that it took little time to configure a working SMTP/POP/IMAP server with options. To get the full benefit did take some time to pore over the documentation because, to be quite frank, there are some areas that simply are not explained very well or at all.
