Yes, but the smtp vulnerability is VERY concerning and not to have an answer
by now is bordering on ridiculous.  The smtpd vulnerability has remote
execution of code...

Darrell

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Joe Wolf /
Internet Specialists
Sent: Wednesday, December 07, 2005 2:03 PM
To: [email protected]
Subject: Re: [IMail Forum] Kevin Maybe you can answer this

With the description of this issue per iDefense I would imagine that this 
problem is present in most all versions of Imail.

Since the offending commands have to be issued by an IMAP user that has 
already authenticated I don't see it as a major issue.  One of your own 
users would have to attack you, and they would have already been logged. 
Easy to catch them.

II. DESCRIPTION

Remote exploitation of a denial of service (DoS) vulnerability in
Ipswitch Inc.'s Imail IMAP server allows attackers to crash the target
service, thereby preventing legitimate use.

The problem specifically exists in handling long arguments to the LIST
command. When a LIST command of approximately 8000 bytes is supplied,
internal string parsing routines can be manipulated in such a way as to
reference non-allocated sections of memory. This parsing error results
in an unhandled access violation, forcing the daemon to exit.

III. ANALYSIS

Exploitation allows remote attackers to crash vulnerable IMAP servers
and thereby prevent legitimate usage. The LIST command is only available
post authentication and therefore valid credentials are required to
exploit this vulnerability.

-Joe

----- Original Message ----- 
From: "Mark Reimer" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, December 07, 2005 12:41 PM
Subject: RE: [IMail Forum] Kevin Maybe you can answer this


> I just got off the phone with tech support after 2+ hours. They don't know
> if it affects prior versions because the vulnerability was reported for 8.2.
> He also let me know that if there is a vulnerability in prior versions we
> have to upgrade to get the fix. I think I'll upgrade since 8.2 seems stable.
>
> Mark Reimer
> IT Project Manager
> American CareSource
> 800-370-5994 ext. 267
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Darrell LaRock
> Sent: Wednesday, December 07, 2005 12:23 PM
> To: [email protected]
> Subject: RE: [IMail Forum] Kevin Maybe you can answer this
>
>
> We all would like to know this - IPSwitch - how about a comment here.
>
> Darrell
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Mark Reimer
> Sent: Wednesday, December 07, 2005 1:06 PM
> To: [email protected]
> Subject: [IMail Forum] Kevin Maybe you can answer this
>
> Kevin,
> I've been on hold for 2 hours now with technical support just to find out if
> previous versions of Imail server before 8.2 were affected by these 2 new
> vulnerabilities. Can you please shed some light on this? I need to know if
> I'm ok or going to have to upgrade to 8.22. Thanks.
>
> Mark Reimer
> IT Project Manager
> American CareSource
> 800-370-5994 ext. 267
>
>
> ---
> [This E-mail has been scanned for viruses]
>
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
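
The advisory quoted in this thread ties the crash to a LIST command of approximately 8000 bytes issued after authentication. As an added example (not part of the thread and not IMail code), this Python script flags oversized LIST commands in a command log and attributes each one to the account that logged in on that session. The log layout, the 1000-byte threshold and all names are assumptions.

```python
import re

# Assumed log layout (constructed for this example, not IMail's own format):
#   <session-id> <raw client command line>
LIST_LIMIT = 1000  # assumed policy threshold, well under the ~8000 bytes in the advisory
LITERAL = re.compile(r"\{(\d+)\+?\}$")  # IMAP literal announcement ending a line


def arg_size(args):
    """Bytes the arguments occupy, adding a trailing literal's declared size."""
    size = len(args.encode("utf-8", "replace"))
    m = LITERAL.search(args)
    return size + int(m.group(1)) if m else size


def oversized_list_commands(lines, limit=LIST_LIMIT):
    """Return (session, user, size) for each LIST whose arguments exceed limit."""
    users = {}  # session id -> account name taken from LOGIN
    hits = []
    for line in lines:
        parts = line.rstrip("\r\n").split(" ", 3)
        if len(parts) < 3:
            continue  # not "<session> <tag> <command> ..."
        session, command = parts[0], parts[2].upper()
        args = parts[3] if len(parts) == 4 else ""
        if command == "LOGIN":
            users[session] = args.split(" ", 1)[0].strip('"')
        elif command == "LIST" and arg_size(args) > limit:
            hits.append((session, users.get(session, "<unknown>"), arg_size(args)))
    return hits


# Constructed sample lines (passwords masked)
SAMPLE = [
    's1 a1 LOGIN alice ****',
    's1 a2 LIST "" "*"',
    's2 a1 LOGIN "bob" ****',
    's2 a2 LIST "" "' + "A" * 8000 + '"',   # long quoted argument
    's3 a1 LOGIN carol ****',
    's3 a2 LIST "" {8000}',                  # length hidden in a literal
    's1 a3 list "" "INBOX"',
]

if __name__ == "__main__":
    for session, user, size in oversized_list_commands(SAMPLE):
        print(f"session={session} user={user} LIST argument bytes={size}")
```

The literal case matters because the announced size, not the length of the logged line, is what the server will go on to read.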