PT-2005-2082 · Kerio · Kerio Personal Firewall

Published: 2005-04-29 · Updated: 2008-09-05 · CVE-2005-1063

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

Kerio WinRoute Firewall versions 6.x up to 6.0.10
Kerio Personal Firewall versions 4.x up to 4.1.2
Kerio MailServer versions up to 6.0.8

Description

The issue allows remote attackers to cause a denial of service, resulting in CPU consumption, by forcing the product to compute unexpected conditions and perform cryptographic operations. This can be triggered during the pre-authentication state, and it may also occur when the system exceeds the maximum number of user connections, leading to a loss of availability for the service.

Recommendations

For Kerio WinRoute Firewall versions 6.x up to 6.0.10, consider restricting access to the administration protocol to minimize the risk of exploitation. For Kerio Personal Firewall versions 4.x up to 4.1.2, restrict the number of user connections to prevent exceeding the maximum limit. For Kerio MailServer versions up to 6.0.8, limit cryptographic operations to reduce the impact of the denial of service attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2005-1063

Affected Products

Kerio MailServer
Kerio Personal Firewall
Kerio WinRoute Firewall