Alfred Huger
VP of Operations
Security Focus

---------- Forwarded message ----------
Date: Thu, 11 Nov 1999 00:21:46 -0000
From: Dom De Vitto <[EMAIL PROTECTED]>
To: Alfred Huger <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: RE: FTGate vulnerability.

> Dom,
> I am not sure if anyone has responded to you yet, if not, please let me
> apologize, we are pretty busy here right now.

Yea, I know busy, things fall through cracks all the time at my current
contract, but they live with it and it's accepted....

> I will take your notes into the description. Two questions, one do you
> want me to add your name to the credit list, I like to do this but some
> people get a little leery of it. Two, can I fwd this to Bugtraq?

1) I'm easy about getting credit, so if you want to credit me, that's fine.
2) I already sent this to _NT_Bugtraq, but I think my new (non list-reg'd
   address) confused the listbot, so I sent it direct to Russ too - no
   response as yet :(

But feel free to redistribute anything I've written to anywhere. I'm one of
the founders and moderators of comp.lang.c++.moderated, so I've had to make
sure what I say is "suitable for public consumption", even if it's to
private parties - assuming anyone can define 'private' nowadays... :(

Thanks, and keep up the good work!
Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto
Secure Technologies Ltd.        Mob. 07971 589 201
mailto:[EMAIL PROTECTED]        Tel. 01202 738 767
http://www.devitto.com          Fax. 08700 548 750
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

-----Original Message-----
From: Alfred Huger [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 10, 1999 8:43 PM
To: Dom De Vitto
Cc: [EMAIL PROTECTED]
Subject: Re: FTGate vulnerability.

Dom,
I am not sure if anyone has responded to you yet, if not, please let me
apologize, we are pretty busy here right now.

I will take your notes into the description. Two questions, one do you
want me to add your name to the credit list, I like to do this but some
people get a little leery of it. Two, can I fwd this to Bugtraq?

Nov 1999, Dom De Vitto wrote:

> Ref:
> http://www.securityfocus.com/level2/?go=vulnerabilities&id=548
>
> This problem was fixed in the next release v2.2, a long time ago.
> The SEVENTH v2.2 service release was released over a month ago, so this
> bug only affects very old FTGate installations.
>
> To solve this problem either upgrade your copy of FTGate to the current
> release (for free), or only bind the web interface to 'trusted' interfaces.
>
> I also think the USSR labs have taken unjustified credit for a bug
> discovered and fixed a long time ago by others - quite possibly by
> examining the 'bug fixed' list for the v2.2 release....
>
> The real "impact" of this is that anyone is likely to be able to read
> anyone's email, including incoming/outgoing mail. POP passwords are also
> available for those with *any* hacking skills at all...
>
> Dom
> PS. I have no relation to FTGate other than being a happy, freeware
> user - & I'm running the "vulnerable" v2.1, but have always only bound
> the web server to 127.0.0.1...
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Dom De Vitto
> Secure Technologies Ltd.        Mob. 07971 589 201
> mailto:[EMAIL PROTECTED]        Tel. 01202 738 767
> http://www.devitto.com          Fax. 08700 548 750
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>

Alfred Huger
VP of Operations
Security Focus
