CVE-2004-1023
CVSS 2.1
Published: 2005-01-10 00:00:00
Revised: 2016-10-17 22:50:50

[Original] Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration.


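[CNNVD] Kerio multiple products weak security mechanism vulnerability (CNNVD-200501-129)

        Kerio is a security software company that provides a range of security software.
        Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5 contain a weak security mechanism vulnerability.
        When installed on Windows-based systems, this software does not modify the ACLs of critical files, which allows local users with administrator privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration.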

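- CVSS (base score)

CVSS score: 2.1 [LOW]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions for exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]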

- CPE (affected platforms and products)

cpe:/a:kerio:kerio_mailserver:6.0.3
cpe:/a:kerio:kerio_mailserver:6.0.2
cpe:/a:kerio:winroute_firewall:6.0.3
cpe:/a:kerio:winroute_firewall:6.0.2
cpe:/a:kerio:kerio_mailserver:6.0.4
cpe:/a:kerio:winroute_firewall:6.0.5
cpe:/a:kerio:serverfirewall:1.0.0
cpe:/a:kerio:winroute_firewall:6.0.4
cpe:/a:kerio:kerio_mailserver:6.0.1
cpe:/a:kerio:kerio_mailserver:6.0.0
cpe:/a:kerio:winroute_firewall:6.0.1
cpe:/a:kerio:winroute_firewall:6.0.0
cpe:/a:kerio:winroute_firewall:6.0.7
cpe:/a:kerio:winroute_firewall:6.0.6
cpe:/a:kerio:winroute_firewall:6.0.8

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1023
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1023
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-129
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=110305387813002&w=2
(UNKNOWN)  BUGTRAQ  20041214 [CAN-2004-1023] Insecure default file system permissions on Microsoft versions of Kerio Software
http://xforce.iss.net/xforce/xfdb/18471
(UNKNOWN)  XF  kerio-insecure-permissions(18471)

- Vulnerability information

Kerio multiple products weak security mechanism vulnerability
Low risk  Unknown
2005-01-10 00:00:00 2006-09-27 00:00:00
Local

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://www.kerio.com/

- Vulnerability information (F35332)

kerioPerms.txt (PacketStormID:F35332)
2004-12-30 00:00:00
Javier Munoz  
advisory
CVE-2004-1023

Microsoft versions of Kerio software suffer from insecure default file system permissions.

______________________________________________________________________


            Secure Computer Group - University of A Coruna
                    http://research.tic.udc.es/scg/

                               -- x --

           dotpi.com Information Technologies Research Labs
                         http://www.dotpi.com

______________________________________________________________________

ID:                        #20041214-2
Document title:            Insecure default file system permissions on
                            Microsoft versions of Kerio Software 

Document revision:         1.0

Coordinated release date:  2004/12/14
Vendor Acknowledge date:   2004/11/10
Reported date:             2004/11/08

CVE Name:                  CAN-2004-1023

Other references:          N/A
______________________________________________________________________

Summary:

   Impact:                  Privilege escalation
                            System software tampering
                            Trojan injection
                            Second-stage attack vector
                            Alter configuration files

   Rating/Severity:         Low
   Recommendation:          Update to latest version
                            Enforce file system ACLs

   Vendor:                  Kerio Technologies Inc.

   Affected software:       Kerio WinRoute Firewall (all versions)
                            Kerio ServerFirewall (all versions)
                            Kerio MailServer (all windows versions)

   Updates/Patches:         Yes (see below)
______________________________________________________________________

General Information:

   1. Executive summary:
      ------------------

      As a result of its collaboration relationship the Secure Computer
      Group (SCG) along with dotpi.com Research Labs have determined
      the following security issue on some Kerio Software.

      Kerio WinRoute Firewall, Kerio ServerFirewall and Kerio MailServer
      are installed by default under 'Program Files' system folder. No
      change is done to the ACLs after the installation process.

      As a result, anyone belonging to the 'Power Users' system group
      would be able to modify binary files of services running as
      LOCALSYSTEM, drop malicious DLLs in the plug-ins folder or perform
      any change on the XML files where the service settings are
      stored.

      System administrators should enforce ACL security settings in
      order to solve this problem. It is also highly recommended to
      verify these settings as part of the planning, installation,
      hardening and auditing processes.

      New versions of the software solve this and other minor problems,
      so upgrading is highly recommended.


   2. Technical details:
      ------------------

      Following the latest trends and approaches to responsible
      disclosure, SCG and dotpi.com are going to withhold details of
      this flaw for three months.

      Full details will be published on 2005/03/14. This three month
      window will allow system administrators the time needed to
      obtain the patch before the details are released to the general
      public.


   3. Risk Assessment factors:
      ------------------------

      The attacker would need local interactive access to the
      installation directory. Remote access is also possible but
      default system settings do not make this easy.

      The most risky scenarios are the ones in which the server machine
      is shared among two or more users or those situations where Kerio
      service management has been delegated to a third party other
      than the local or domain system administrator.

      Special care should be taken in such environments, and every step
      of the project (design, planning, deployment and management)
      should consider these security issues.

      Privilege escalation, system and software tampering and the
      ability to alter service configuration are all real issues and
      all of them can be used as a second stage attack vector.


   4. Solutions and recommendations:
      ------------------------------

      Enforce the file system ACLs and/or upgrade to the latest
      versions:

      	o Kerio Winroute Firewall 6.0.9
      	
      	o Kerio ServerFirewall 1.0.1

      	o Kerio MailServer 6.0.5

      As in any other case, follow, as much as possible, the Industry
      'Best Practices' on Planning, Deployment and Operation on this
      kind of services.


   5. Common Vulnerabilities and Exposures (CVE) project:
      ---------------------------------------------------

      The Common Vulnerabilities and Exposures (CVE) project has
      assigned the name CAN-2004-1023 to this issue. This is a
      candidate for inclusion in the CVE list (http://cve.mitre.org),
      which standardizes names for security problems.

______________________________________________________________________

Acknowledgements:

   1. Special thanks to Vladimir Toncar and Pavel Dobry and the whole
      Technical Team from Kerio Technologies (support at kerio.com)
      for their quick response and professional handling on this issue.

   2. The whole Research Lab at dotpi.com and specially to Carlos Veira
      for his leadership and support.

   3. Secure Computer Group at University of A Coruna (scg at udc.es),
      and specially to Antonino Santos del Riego powering new research
      paths at University of a Coruna.

______________________________________________________________________

Credits:

   Javier Munoz (Secure Computer Group) is credited with this discovery.

______________________________________________________________________

Related Links:

   [1] Kerio Technologies Inc.
       http://www.kerio.com/

   [2] Kerio WinRoute Firewall Downloads & Updates
       http://www.kerio.com/kwf_download.html

   [3] Kerio ServerFirewall Downloads & Updates
       http://www.kerio.com/ksf_download.html

   [4] Kerio MailServer Downloads & Updates
       http://www.kerio.com/kms_download.html

   [5] Secure Computer Group. University of A Coruna
       http://research.tic.udc.es/scg/

   [6] Secure Computer Group. Updated advisory
       http://research.tic.udc.es/scg/advisories/20041214-2.txt

   [7] dotpi.com Information Technologies S.L.
       http://www.dotpi.com/

   [8] dotpi.com Research Labs
       http://www.dotpi.com/research/

______________________________________________________________________

Legal notice:

   Copyright (c) 2002-2004 Secure Computer Group. University of A Coruna
   Copyright (c) 2004 dotpi.com Information Technologies S.L.

   Permission is granted for the redistribution of this alert
   electronically. It may not be edited in any way without the express
   written consent of the authors.

   If you wish to reprint the whole or any part of this alert in any
   other medium other than electronically, please contact the authors
   for explicit written permission at the following e-mail addresses:
   (scg at udc.es) and (info at dotpi.com).

   Disclaimer: The information in the advisory is believed to be
   accurate at the time of publishing based on currently available
   information. Use of the information constitutes acceptance for use
   in an AS IS condition.

   There are no warranties with regard to this information. Neither the
   author nor the publisher accepts any liability for any direct,
   indirect, or consequential loss or damage arising from use of, or
   reliance on, this information.
_____________________________________________________________________
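
An audit for the condition the advisory describes (write access for 'Power Users' or other non-administrative principals on a service's install tree), as an added example that is not part of the advisory or any Kerio tooling. The $InstallDir parameter is supplied by the operator because the advisory gives no full path, and the list of trusted SIDs is an assumption to adapt to local policy.

```powershell
# Added example: report ACEs that let non-administrative principals write
# to a service install tree (binaries, plug-in DLLs, XML settings).
param(
    [Parameter(Mandatory = $true)]
    [string]$InstallDir   # operator-supplied; the advisory names no path
)

# Principals allowed to hold write access (assumption; adjust to policy).
$trusted = @(
    'S-1-5-18',      # LOCAL SYSTEM
    'S-1-5-32-544',  # BUILTIN\Administrators
    'S-1-3-0',       # CREATOR OWNER (placeholder ACE, applies only to the creator)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

# Rights that permit replacing files, creating new ones or rewriting the ACL.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs may carry raw generic bits instead of named rights.
$genericMask = 0x40000000 -bor 0x10000000   # GENERIC_WRITE, GENERIC_ALL

$items = @(Get-Item -LiteralPath $InstallDir) +
         @(Get-ChildItem -LiteralPath $InstallDir -Recurse -Force)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $rights = [int]$ace.FileSystemRights
        if (-not ($rights -band ($writeMask -bor $genericMask))) { continue }
        try {
            # Compare by SID so the check survives localized group names.
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch {
            $sid = $ace.IdentityReference.Value   # unresolved account: keep as shown
        }
        if ($trusted -contains $sid) { continue }
        [pscustomobject]@{
            Path       = $item.FullName
            Identity   = $ace.IdentityReference.Value
            Rights     = $ace.FileSystemRights
            Inherited  = $ace.IsInherited
            PowerUsers = ($sid -eq 'S-1-5-32-547')   # BUILTIN\Power Users
        }
    }
}
$findings | Sort-Object Path, Identity | Format-Table -AutoSize
```

An empty result means no write-capable ACE for an untrusted principal was found under the given directory; rows with Inherited set to True point at the parent folder's ACL as the place to correct.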
    

- Vulnerability information

13153
Kerio MailServer / ServerFirewall Critical File ACL Weakness
Remote / Network Access Infrastructure
Loss of Integrity Upgrade
Vendor Verified

- Vulnerability description

- Timeline

2004-12-14 Unknown
Unknown 2004-12-14

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete