Bonno Bloksma wrote:
Hi,
So THAT is the way these trojans are getting into my mailserver...
:-(((( Sophos is getting them but I was unable to find the attack vector.
That's it. According to the source code, it's only a DoS on Windows
2000 SP2 or greater. On anything prior to that, it actually spawns a
reverse shell to the attacker. At that point, you're rooted. If the
attacker's smart enough, you'll never be able to clean that machine
without a format re-install.
Grrrrrrr. So it seems this bug is only fixed in IMail 8.2 and was never
fixed in earlier versions. Might have been nice of Ipswitch to have a
BIG warning on their site to tell us about this. I had heard about a
buffer overflow in IMail but was unable to verify which parts were
vulnerable. I'll be on the phone with them in a few minutes to see what
action I need to take.
Luckily, I was running SP2 when I got hit, so it was only a DoS for me.
I don't have a bunch of people using IMAP, so I just shut the
service down completely. Obviously that's not an option for a shop that
relies heavily on IMAP. I'm running 8.15, with no plans to upgrade to
another version of IMail. I didn't like the way the company was going,
and I sure wasn't gonna spend more money for a product I didn't believe in.
Let us know what they tell you.
People.... there ARE worms loose using this vulnerability to penetrate
the mailserver. Sophos reports it as Troj/ServU-Gen.
My biggest concern was what if this would have been a POP3 vuln. I
would have been toast. I can't take that chance on my server.
Therefore, qmail :)
Thanks,
Russ