> On the IMail list they indicated that IMail 8.x is also affected and
> possibly older versions as well.

A non-Ipswitch poster said that an anonymous tech indicated so. We all know that if that was a first-level tech... their word is not exactly gold.

True, the IMail product manager chimed in to say that no patches of any kind are offered for older versions, but did not own up to this vulnerability, AFAICS. Not encouraging either way.

It is notable that the various third-party advisories (most of them reprints, to be sure) specify:

  Ipswitch Collaboration 2006 Suite Premium Edition
  Ipswitch Collaboration 2006 Suite Standard Edition
  Ipswitch IMail 2006
  Ipswitch IMail Plus 2006
  Ipswitch IMail Secure 2006

If script kiddie code were in the wild, an upgrade-or-get-owned vulnerability in the thousands of IMail 6.x, 7.x, and 8.x MXs still in use is a MAJOR problem! But don't you think some white hat would've tested 8.x in the process of checking the proof-of-concept? Not necessarily, but it would be traditional.

> The biggest issue here is that the first version with rudimentary
> Safari support in webmail happens to be the latest with the
> patch...?

Hmm, I kinda saw the opposite, in that Kevin said of Safari support today (9/11), "This will be available in an expert user program in sept/oct and to the general public in the next release." It would, of course, behoove him to lightly imply (somewhere else?) that (a) the patched 2006.1 supports Safari and (b) 8.22's SMTPD is subject to the new vulnerability, but I don't believe either of these are true.

--Sandy

------------------------------------
Sanford Whiteman, Chief Technologist
Broadleaf Systems, a division of
Cypress Integrated Systems, Inc.
e-mail: [EMAIL PROTECTED]

SpamAssassin plugs into Declude!
  http://www.imprimia.com/products/software/freeutils/SPAMC32/download/release/

Defuse Dictionary Attacks: Turn Exchange or IMail mailboxes into IMail Aliases!
  http://www.imprimia.com/products/software/freeutils/exchange2aliases/download/release/
  http://www.imprimia.com/products/software/freeutils/ldap2aliases/download/release/

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
