CVE-2004-1023

Published: Jan 10, 2005Modified: Apr 16, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration.

Affected (15)

Products: Kerio: Kerio Mailserver, Serverfirewall, Winroute Firewall

3 products

Configuration A

15 vulnerable

Vulnerable Software	Affected Versions
Kerio Kerio Mailserver	Version 6.0.0
Kerio Kerio Mailserver	Version 6.0.1
Kerio Kerio Mailserver	Version 6.0.2
Kerio Kerio Mailserver	Version 6.0.3
Kerio Kerio Mailserver	Version 6.0.4
Kerio Serverfirewall	Version 1.0.0
Kerio Winroute Firewall	Version 6.0.0
Kerio Winroute Firewall	Version 6.0.1
Kerio Winroute Firewall	Version 6.0.2
Kerio Winroute Firewall	Version 6.0.3
Kerio Winroute Firewall	Version 6.0.4
Kerio Winroute Firewall	Version 6.0.5
Kerio Winroute Firewall	Version 6.0.6
Kerio Winroute Firewall	Version 6.0.7
Kerio Winroute Firewall	Version 6.0.8

References (4)

http://marc.info/?l=bugtraq&m=110305387813002&w=2

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/18471

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110305387813002&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/18471

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.