Thanks for spelling this out. Here's another question, is Imail suceptible
to this, beside internal attacks, if it is behind other gateway products and
the smtp service is not directly accessible to the internet. Such as IMGate
or hMailserver or any other currently maintained MTA. Would this be a
solution for those running older versions of Imail that do not want to
upgrade to 2006 or 8.x for that matter?
Not quite knowing how SMTP vulnerabilities are exploited, I am assuming that
this can not be executed by simply sending an email to a vulnerable Imail
server but requires direct access to the SMTP service so maybe even a proxy
like ASSP will be disruptive enough to block this attack.
Doug Traylor
----- Original Message -----
From: "Markus" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Wednesday, October 25, 2006 8:32 AM
Subject: RE: [IMail Forum] It is worth it to buy the SA?
I agree with Jason and others and also will underline what the public
available exploit can do for everyone who spend some minutes (for thus who
haven't read the code at
http://www.securiteam.com/exploits/6G00L0KH5E.html
Payload Options (for your server!!!)
1 = Share C:\\ as 'Export' Share
2 = Add User 'Error' with Password 'Error'
3 = Win32 Bind CMD to Port 4444
4 = Change Administrator Password to '[EMAIL PROTECTED]'
Well at least having the server behind a firewall would prevent from
problems with 1 and 3. Maybe it would also be usefull to create a dummy
user "error" with another password in order to prevent a successfull
adduser-call.
For the same reason it would also be usefull to rename the "administrator"
name in order to prevent a successfull changepass-call.
But all this would not realy help as many people around the world are
capable to write other payloads who can do everything on your server and
maybe has already done without your knowledge!
The question from the view of a 8.x-Admin is: would it be a good idea to
bring Ipswitch's non-reaction widely publicable (newspapers, newsletters,
..) or maybe bether not, in order to let the own server survive at least
some days or weeks longer.
I can't imagine that the spending for a 8.x patch would be realy big. So
we have to assume that Ipswitch's decision is based on (harshly?)
commercial considerations and so it maybe would be a good idea for as many
from us who are affected by this "decisions" to "change things" that the
original decision becomes completely insignificant. I'm sure many of us
knows people or has access to channels who are ready to publish some
interesting news based on facts.
Ipswitch: even if I would - due to many changes and still existing
problems I can't switch to your newest product. Could you provide me a
8.x-patch for the cost of a new 2006 license? Do you realy intend to make
such business?
As an Imail-Admin from 3.x times on I know that there are ways to convert
your ideas. Do you remember the ImailAdmin GUI-bug after the MS-patch?
Markus
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
