Vulnerabilities

Vulnerability Description
Bash vulnerability CVE-2014-6271, CVE-2014-7169 (ShellShock)

The shellshock vulnerability (aka CVE-2014-6271 and CVE-2014-7169) is a security bug affecting Unix-like operating systems through the Bash shell.

For information on its impact on Kerio products, read Bash vulnerability CVE-2014-6271, CVE-2014-7169 (ShellShock) article.

Linux Glibc vulnerability CVE-2015-7547

A vulnerability in the Linux glibc system library has been found. An attacker can gain root access to the server and execute a code.

For more details on its impact on Kerio products, read Linux Glibc vulnerability CVE-2015-7547 article.

Linux vulnerability CVE-2015-0235 (GHOST)

There is a vulnerability in Linux glibc system library. An attacker can exploit this vulnerability and gain root access to your server and execute a code.

For more details on its impact on Kerio products, read Linux vulnerability CVE-2015-0235 (GHOST) article.

OpenSSL vulnerability CVE-2014-0160 (Heartbleed)

The National Institute of Standards and Technology (NIST) has published a vulnerability to OpenSSL 1.0.1. Details regarding the vulnerability are available from the NIST website. Kerio Connect 8.2.0 up to 8.2.3 used the affected version of the OpenSSL library. However, a fix is available for Kerio Connect as of version 8.2.4. You can download this release from the Kerio Website.

For additional information and security precautions, read OpenSSL vulnerability CVE-2014-0160 article.

SSLSecure Sockets Layer - A protocol that ensures integral and secure communication between networks. 3.0 vulnerability CVE-2014-3566 and POODLE

This vulnerability is a flaw in the protocol design. An attacker that controls the network between the client and the server can interfere with any attempted handshake offering TLSTransport Layer Security - A follower of the SSL protocol and ensures secure communication between networks. 1.0 or later and force both client and server to use SSL 3.0 protocol instead. They can then use other attack techniques (eg. BEAST attack) to decipher transmitted data.

For information on its impact on Kerio products, read SSL 3.0 vulnerability CVE-2014-3566 (POODLE) article.