To be a little more clear..These were fixed when we got notified about them
for the current released version and the major release prior to the current
one. So anyone running 8.1x or better can be safe from these exploits by
keeping their version up to date with the patches that they are entitled to
(8.15 HF2 and 8.20 HF2).
Hope that helps
Eric S
----- Original Message -----
From: "dstrz " <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, August 12, 2005 4:02 PM
Subject: RE: [IMail Forum] IMAP service stopping...
I'm not sure if I am interpreting your reponse correctly.
Do you mean...
the user's responsibility to keep their existing version up-to-date by
applying patches released by Ipswitch to address security vulnerabilities
in their software with known exploits in the wild
Or
the user's responsibility to open their wallet to the tune of $10,000
(give or take) at the software developer's whim, or whenever they decide
to change the definition of "current version."
Can you clarify?
-Dave
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Eric Shanbrom
Sent: Friday, August 12, 2005 3:48 PM
To: [email protected]
Subject: Re: [IMail Forum] IMAP service stopping...
A better fix would be to keep IMail up to date. These were addressed in
the
current version
Eric S
----- Original Message -----
From: "dstrz " <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, August 12, 2005 12:37 PM
Subject: Re: [IMail Forum] IMAP service stopping...
FYI -
I am running a fully-patched Win2000 server (SP4 & all critical updates)
and I got hit this morning with this exploit. Someone crashed the IMAP
service and dropped a Trojan (rpcmon.exe) on my server.
My HOSTS file was FUBAR and there were 30-or-so TCP ports listening in
the
1100-1130 range, presumably for IRC.
Fortunately those ports are firewalled to the Internet, but I'm still
cleaning up.
I modified the IMAP "Hello Message" to remove any reference to "IMail" in
a security-through-obscurity act of desperation, but of course the
vulnerability still exists. Thanks, Ipswitch!
-Dave
---------------------------
Re: [IMail Forum] IMAP service stopping...
Russ Uhte
Tue, 09 Aug 2005 07:56:20 -0700
Bonno Bloksma wrote:
Hi,
So THAT is the way these trojans are getting into my mailserver...
:-(((( Sophos is getting them but I was unable to find the attac vector.
That's it. According to the source code, it's only a DoS on Windows 2000
SP2 or greater. On anything prior to that, it actually spawns a reverse
shell to the attacker. At that point, you're rooted. If the attacker's
smart enough, you'll never be able to clean that machine without a format
re-install.
Grrrrrrr. So it seesm this bug is only fixed in IMail 8.2 and was never
fixed in earlier versions. Might have been nice of Ipswitch to have a BIG
warning on their site to tell us about his. I had heard about a buffer
overflow in IMail but was unable to verify which parts were vulnerable.
I'll be on the phone with them in a few minutes to see what action I need
to take.
Luckily, I was running SP2 when I got hit, so it was only a DoS for me. I
don't have a bunch of people using IMAP, so I just shut the service down
completely. Obviously that's not an option for a shop that relies heavily
on IMAP. I'm running 8.15, with no plans to upgrade to another version of
IMail. I didn't like the way the company was going, and I sure wasn't
gonna spend more money for a product I didn't believe in.
Let us know what they tell you.
People.... there ARE worms loose using this vulnerability to penetrate
the
mailserver. Sophos reports it as Troj/ServU-Gen.
My biggest concern was what if this would have been a POP3 vuln. I would
have been toast. I can't take that chance on my server. Therefore, qmail
:)
Thanks,
Russ
---
[This E-mail scanned for viruses by Declude Virus]
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
