It more than likley affects older versions of IMail the current version is a rehash of 8.22 with the .net webmail placed on top of it. Looking a the date the vulnerability was initially discovered and reported it IPSwitch, 2005.12.13 - Vulnerability reported to vendor, so Ip switch had known about this for 3 months before issuing a fix for the issue.
Being that they were notified shortly after the release of 2006 I would say yes older versions do have the vulnerability. Kevin Bilbee > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Jay Sudowski - > Handy Networks LLC > Sent: Tuesday, March 14, 2006 10:07 AM > To: [email protected] > Subject: RE: [IMail Forum] Ipswitch Collaboration Suite Code Execution > Vulnerability time to upgrade to .03 if you are running 2006 > > > In typical IPSwitch fashion, no information is provided about the extent > of this issue on previous versions of iMail (8.x, 7.x, etc). Are these > versions vulnerable? > > -Jay > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Matti Haack > Sent: Tuesday, March 14, 2006 6:49 AM > To: [email protected] > Subject: [IMail Forum] Ipswitch Collaboration Suite Code Execution > Vulnerability time to upgrade to .03 if you are running 2006 > > "Vulnerability Details: > > This vulnerability allows remote attackers to execute arbitrary code on > vulnerable installations of Ipswitch Collaboration Suite. Authentication > is required to exploit this vulnerability. This specific flaw exists > within the IMAP daemon. A lack of bounds checking during the parsing of > long arguments to the FETCH verb can result in an exploitable buffer > overflow." > http://www.zerodayinitiative.com/advisories/ZDI-06-003.html > > http://www.ipswitch.com/support/ics/updates/ics200603prem.asp > > Greetings > Matti > > > > - > Matti Haack - Hit Haack IT Service Gmbh > Poltlbauer Weg 4, D-94036 Passau > +49 851 50477-22 Fax: +49 851 50477-29 > http://www.haack-it.de > > > > Dieses Dokument ist ausschliesslich fuer den Adressaten bestimmt. > Jegliche Art von Reproduktion, Verbreitung, Vervielfaeltigung, > Modifikation, Verteilung und/oder Publikation dieser E-Mail-Nachricht > ist untersagt, soweit dies nicht ausdruecklich genehmigt wurde. > Jegliche Haftung fur Ansprueche, die aufgrund der Kommunikation per > E-Mail begruendet werden koennten, ist ausgeschlossen, soweit der > Haftungsausschluss gesetzlich zulaessig ist. > > -- Ausgehende E-Mail wurde auf Viren gescannt -- To Unsubscribe: > http://www.ipswitch.com/support/mailing-lists.html > List Archive: > http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html > List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ > Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
