CVE-2004-1022
CVSS 2.1
Published: 2005-01-10 00:00:00
Modified: 2016-10-17 22:50:48

[Original] Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software.


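[CNNVD] Kerio multiple products weak encryption vulnerability (CNNVD-200501-095)

        Kerio is an Internet security software company whose main products include firewalls and mail systems.
        Several Kerio products (Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5) contain a weak encryption vulnerability.
        Because these versions use symmetric encryption for user passwords, an attacker can extract the secret key from the software, decrypt the user database, and obtain the passwords.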

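- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]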

- CPE (affected platforms and products)

cpe:/a:kerio:kerio_mailserver:5.0
cpe:/a:kerio:winroute_firewall:6.0.3
cpe:/a:kerio:kerio_mailserver:5.7.5
cpe:/a:kerio:winroute_firewall:6.0.2
cpe:/a:kerio:kerio_mailserver:5.7.8
cpe:/a:kerio:winroute_firewall:6.0.5
cpe:/a:kerio:winroute_firewall:6.0.4
cpe:/a:kerio:kerio_mailserver:5.7.9
cpe:/a:kerio:winroute_firewall:6.0.1
cpe:/a:kerio:kerio_mailserver:5.1
cpe:/a:kerio:winroute_firewall:5.1.9
cpe:/a:kerio:winroute_firewall:5.1.8
cpe:/a:kerio:winroute_firewall:5.1.7
cpe:/a:kerio:winroute_firewall:5.1.6
cpe:/a:kerio:kerio_mailserver:5.6.3
cpe:/a:kerio:kerio_mailserver:5.6.4
cpe:/a:kerio:kerio_mailserver:5.6.5
cpe:/a:kerio:winroute_firewall:5.0.2
cpe:/a:kerio:winroute_firewall:5.0.1
cpe:/a:kerio:winroute_firewall:5.1
cpe:/a:kerio:winroute_firewall:5.0.6
cpe:/a:kerio:kerio_mailserver:5.7.10
cpe:/a:kerio:winroute_firewall:5.0.5
cpe:/a:kerio:winroute_firewall:5.0.4
cpe:/a:kerio:winroute_firewall:5.0.3
cpe:/a:kerio:winroute_firewall:5.10
cpe:/a:kerio:winroute_firewall:6.0.7
cpe:/a:kerio:winroute_firewall:6.0.6
cpe:/a:kerio:winroute_firewall:6.0.8
cpe:/a:kerio:kerio_mailserver:6.0
cpe:/a:kerio:kerio_mailserver:5.1.1
cpe:/a:kerio:winroute_firewall:5.0.9
cpe:/a:kerio:winroute_firewall:5.0.8
cpe:/a:kerio:winroute_firewall:5.0.7
cpe:/a:kerio:winroute_firewall:5.1.10
cpe:/a:kerio:kerio_mailserver:6.0.3
cpe:/a:kerio:kerio_mailserver:6.0.2
cpe:/a:kerio:serverfirewall:1.0
cpe:/a:kerio:kerio_mailserver:6.0.4
cpe:/a:kerio:kerio_mailserver:6.0.1
cpe:/a:kerio:kerio_mailserver:5.7.2
cpe:/a:kerio:kerio_mailserver:5.7.0
cpe:/a:kerio:kerio_mailserver:5.7.3
cpe:/a:kerio:kerio_mailserver:5.7.6
cpe:/a:kerio:kerio_mailserver:5.7.1
cpe:/a:kerio:kerio_mailserver:5.7.4
cpe:/a:kerio:kerio_mailserver:5.7.7
cpe:/a:kerio:winroute_firewall:5.1.1
cpe:/a:kerio:winroute_firewall:6.0
cpe:/a:kerio:winroute_firewall:5.1.5
cpe:/a:kerio:winroute_firewall:5.1.4
cpe:/a:kerio:winroute_firewall:5.1.3
cpe:/a:kerio:winroute_firewall:5.1.2

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1022
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1022
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-095
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=110304957607578&w=2
(UNKNOWN)  BUGTRAQ  20041214 [CAN-2004-1022] Insecure Credential Storage on Kerio Software
http://xforce.iss.net/xforce/xfdb/18470
(UNKNOWN)  XF  kerio-weak-encryption(18470)

- Vulnerability information

Kerio multiple products weak encryption vulnerability
Low risk  Design error
2005-01-10 00:00:00 2006-09-27 00:00:00
Local

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. The patch is available at:
        http://www.kerio.com/downloads

- Vulnerability information (F35331)

kerioCredential.txt (PacketStormID:F35331)
2004-12-30 00:00:00
Javier Munoz  
advisory
CVE-2004-1022

Kerio software is susceptible to an insecure credential storage flaw.

______________________________________________________________________


            Secure Computer Group - University of A Coruna
                    http://research.tic.udc.es/scg/

                               -- x --

           dotpi.com Information Technologies Research Labs
                         http://www.dotpi.com

______________________________________________________________________

ID:                        #20041214-1
Document title:            Insecure Credential Storage on Kerio
                            Software
Document revision:         1.0

Coordinated release date:  2004/12/14
Vendor Acknowledge date:   2004/10/06
Reported date:             2004/10/01

CVE Name:                  CAN-2004-1022

Other references:          N/A
______________________________________________________________________

Summary:

   Impact:                  Insecure Credential Storage
   Rating/Severity:         Medium
   Recommendation:          Update to latest version

   Vendor:                  Kerio Technologies Inc.

   Affected software:       Kerio WinRoute Firewall (all versions)
                            Kerio ServerFirewall (all versions)
                            Kerio MailServer (all versions)

   Updates/Patches:         Yes (see below)
______________________________________________________________________

General Information:

   1. Executive summary:
      ------------------

      As a result of its collaboration relationship the Secure Computer
      Group (SCG) along with dotpi.com Research Labs have determined
      this security issue on Kerio WinRoute Firewall (KWF), Kerio
      ServerFirewall (KSF) and Kerio MailServer (KMS).

      KWF, KSF and KMS user credential database system uses symmetric
      encryption to protect passwords stored on it.

      Anyone with a cyphertext of this database (that is, with access to
      the configuration files) could reverse the encryption using a
      universal secret key hidden into the program logic.

      New versions of the software solve this and other minor problems
      so upgrading is highly recommended.


   2. Technical details:
      ------------------

      Following the latest trends and approaches to responsible
      disclosure, SCG and dotpi.com are going to withhold details of
      this flaw for three months.

      Full details will be published on 2005/03/14. This three month
      window will allow system administrators the time needed to
      obtain the patch before the details are released to the general
      public.


   3. Risk Assessment factors:
      ------------------------

      The attacker needs access to the user database, which is not
      normally a usual condition on a properly hardened firewall and/or
      mail server.

      Despite this, special care should be taken on shared environments
      where more than one technical staff work together on the firewall
      and/or the mail server. This kind of scenarios offer a potential
      opportunity for the insiders on the work of stealing identities
      and, therefore, breaking access control measures.

      It is also important to note that this could be an important
      second-stage resource for a successful attacker on an already
      compromised firewall and/or mail server.


   4. Solutions and recommendations:
      ------------------------------

     Upgrade to the latest versions:

      	o Kerio Winroute Firewall 6.0.9

      	o Kerio ServerFirewall 1.0.1

      	o Kerio MailServer 6.0.5

      As in any other case, follow, as much as possible, the Industry
      'Best Practices' on Planning, Deployment and Operation on this
      kind of services.

      Note:

      Kerio Winroute Firewall 6.0.7 fixed CAN-2004-1022. Kerio Winroute
      Firewall 6.0.9 is the current version fixing CAN-2004-1022 and
      CAN-2004-1023


   5. Common Vulnerabilities and Exposures (CVE) project:
      ---------------------------------------------------

      The Common Vulnerabilities and Exposures (CVE) project has
      assigned the name CAN-2004-1022 to this issue. This is a
      candidate for inclusion in the CVE list (http://cve.mitre.org),
      which standardizes names for security problems.

______________________________________________________________________

Acknowledgements:

   1. Special thanks to Vladimir Toncar and Pavel Dobry and the whole
      Technical Team from Kerio Technologies (support at kerio.com)
      for their quick response and professional handling on this issue.

   2. The whole Research Lab at dotpi.com and specially to Carlos Veira
      for his leadership and support.

   3. Secure Computer Group at University of A Coruna (scg at udc.es),
      and specially to Antonino Santos del Riego powering new research
      paths at University of a Coruna.

______________________________________________________________________

Credits:

   Javier Munoz (Secure Computer Group) is credited with this discovery.

______________________________________________________________________

Related Links:

   [1] Kerio Technologies Inc.
       http://www.kerio.com/

   [2] Kerio WinRoute Firewall Downloads & Updates
       http://www.kerio.com/kwf_download.html

   [3] Kerio ServerFirewall Downloads & Updates
       http://www.kerio.com/ksf_download.html

   [4] Kerio MailServer Downloads & Updates
       http://www.kerio.com/kms_download.html

   [5] Secure Computer Group. University of A Coruna
       http://research.tic.udc.es/scg/

   [6] Secure Computer Group. Updated advisory
       http://research.tic.udc.es/scg/advisories/20041214-1.txt

   [7] dotpi.com Information Technologies S.L.
       http://www.dotpi.com/

   [8] dotpi.com Research Labs
       http://www.dotpi.com/research/

______________________________________________________________________

Legal notice:

   Copyright (c) 2002-2004 Secure Computer Group. University of A Coruna
   Copyright (c) 2004 dotpi.com Information Technologies S.L.

   Permission is granted for the redistribution of this alert
   electronically. It may not be edited in any way without the express
   written consent of the authors.

   If you wish to reprint the whole or any part of this alert in any
   other medium other than electronically, please contact the authors
   for explicit written permission at the following e-mail addresses:
   (scg at udc.es) and (info at dotpi.com).

   Disclaimer: The information in the advisory is believed to be
   accurate at the time of publishing based on currently available
   information. Use of the information constitutes acceptance for use
   in an AS IS condition.

   There are no warranties with regard to this information. Neither the
   author nor the publisher accepts any liability for any direct,
   indirect, or consequential loss or damage arising from use of, or
   reliance on, this information.
_____________________________________________________________________



    

- Vulnerability information

12369
Kerio MailServer / ServerFirewall Configuration File Hidden Key Password Disclosure
Information Disclosure
Loss of Confidentiality Upgrade
Vendor Verified

- Vulnerability description

- Timeline

2004-12-14 Unknown
Unknown 2004-12-14

- Solution

Products

Unknown or Incomplete

- References

- Vulnerability credit

Unknown or Incomplete

- Vulnerability information

Multiple Kerio Products Universal Secret Key Storage Vulnerability
Design Error 11930
No Yes
2004-12-14 12:00:00 2009-07-12 09:26:00
Discovery of this vulnerability is credited to Secure Computer Group <scg@udc.es>.

- Affected program versions

Kerio WinRoute Firewall 6.0.8
Kerio WinRoute Firewall 6.0.7
Kerio WinRoute Firewall 6.0.6
Kerio WinRoute Firewall 6.0.5
Kerio WinRoute Firewall 6.0.4
Kerio WinRoute Firewall 6.0.3
Kerio WinRoute Firewall 6.0.2
Kerio WinRoute Firewall 6.0.1
Kerio WinRoute Firewall 6.0
Kerio WinRoute Firewall 5.10
Kerio WinRoute Firewall 5.1.10
Kerio WinRoute Firewall 5.1.9
Kerio WinRoute Firewall 5.1.8
Kerio WinRoute Firewall 5.1.7
Kerio WinRoute Firewall 5.1.6
Kerio WinRoute Firewall 5.1.5
Kerio WinRoute Firewall 5.1.4
Kerio WinRoute Firewall 5.1.3
Kerio WinRoute Firewall 5.1.2
Kerio WinRoute Firewall 5.1.1
Kerio WinRoute Firewall 5.1
Kerio WinRoute Firewall 5.0.9
Kerio WinRoute Firewall 5.0.8
Kerio WinRoute Firewall 5.0.7
Kerio WinRoute Firewall 5.0.6
Kerio WinRoute Firewall 5.0.5
Kerio WinRoute Firewall 5.0.4
Kerio WinRoute Firewall 5.0.3
Kerio WinRoute Firewall 5.0.2
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP3
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Kerio WinRoute Firewall 5.0.1
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional SP3
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP3
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Professional SP1
- Microsoft Windows XP Professional
Kerio ServerFirewall 1.0
Kerio Mailserver 6.0.4
Kerio Mailserver 6.0.3
Kerio Mailserver 6.0.2
Kerio Mailserver 6.0.1
Kerio Mailserver 6.0
Kerio Mailserver 5.7.10
Kerio Mailserver 5.7.9
Kerio Mailserver 5.7.8
Kerio Mailserver 5.7.7
Kerio Mailserver 5.7.6
Kerio Mailserver 5.7.5
Kerio Mailserver 5.7.4
Kerio Mailserver 5.7.3
Kerio Mailserver 5.7.2
Kerio Mailserver 5.7.1
Kerio Mailserver 5.7.0
Kerio Mailserver 5.6.5
Kerio Mailserver 5.6.4
Kerio Mailserver 5.6.3
Kerio Mailserver 5.1.1
Kerio Mailserver 5.1
Kerio Mailserver 5.0
Kerio WinRoute Firewall 6.0.9
Kerio ServerFirewall 1.0.1
Kerio Mailserver 6.0.5

- Unaffected program versions

Kerio WinRoute Firewall 6.0.9
Kerio ServerFirewall 1.0.1
Kerio Mailserver 6.0.5

- Discussion

Kerio WinRoute Firewall, Kerio ServerFirewall, and Kerio MailServer are all reported prone to a design flaw. It is reported that these products store credentials in a local database store; these credentials are obscured using an unspecified symmetric encryption algorithm. Reports indicate that a universal secret key is employed to extract plain text from the credential hashes; this presents a security risk because the universal secret key is stored in the WinRoute Firewall, Kerio ServerFirewall, and Kerio MailServer binaries.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

The vendor has released updates to address this vulnerability; Kerio Winroute Firewall version 6.0.7 addresses the vulnerability in Kerio Winroute. Kerio Mailserver version 6.0.5 addresses the vulnerability in Kerio Mailserver and Kerio ServerFirewall version 1.0.1 addresses the vulnerability in Kerio ServerFirewall. Customers are advised to contact the vendor for further information in regards to obtaining and applying appropriate updates.

- References

 

 
