Denial of service vulnerability in STARTTLS implementation in Kerio Connect (dpkg) 7.1.4 build 2985 and MailServer 6.x
ID: oval:org.secpod.oval:def:614 | Date: (C)2011-04-01 (M)2022-10-10
Class: VULNERABILITY | Family: unix
The host is installed with Kerio Connect 7.1.4 build 2985 or MailServer 6.x and is prone to a denial of service vulnerability. A flaw is present in the application's STARTTLS implementation, which does not properly restrict I/O buffering. Successful exploitation allows man-in-the-middle attackers to insert commands into encrypted SMTP sessions.