The proof-of-concepts which have been tested on multiple versions also list
a "not vulnerable" category if other versions have been tested.
I get the feeling that Ipswitch has washed its hands of the previous
version that is more than 90 days old. They take a passive approach to
security; setting back and waiting on 3rd parties to report problems. So
it's not like they've actually dusted off the 8.22 version code to look at
it.
Does the ':' in an E-mail address have any special significance to the ICS
collaboration suite?
"A lack of bounds
checking during the parsing of long strings contained within the
characters '@' and ':' leads to a stack overflow vulnerability. "
----- Original Message -----
But don't you think some white hat would've
tested 8.x in the process of checking the proof-of-concept? Not
necessarily, but it would be traditional.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
