Hi All, Just wanted to let you guys know that 8.14 HF1 is now available on the website.
http://www.ipswitch.com/support/imail/releases/imail_professional/index.html Jason H. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matti Haack Sent: Tuesday, November 16, 2004 5:37 PM To: Jay Sudowski - Handy Networks, LLC Subject: Re: [IMail Forum] Possible Exploit: Did 8.14 fix this? JSHNL> So does anyone have any specific information on what versions of iMail JSHNL> are vulnerable, and if iMail 8.14 fixes this? This sounds like a very JSHNL> serious vulnerability, and it's somewhat shocking that there's been no JSHNL> comment from Ipswitch on this yet. If all products prior to XXX version JSHNL> are vulnerable, then they need to release that info ASAP. absolutly yes. I assume it will not be fixed in 8.14 But as stated in Bugtraq, the atacker has to log in with valid credetials first. To mitigate the impact furthermore, I set up a rule on our Intrusion prevention system to disable the delete command with long parameters. I use Tiny Windows Firewall. There is a free trial at http://www.tinysoftware.com/home/tiny2?s=5580796857586989425A0&offer=&pg=con tent&an=tf6_download Besides the firewall it contains an intrusion detection and preventing system based on (appendable) snort rules. Ipswitch: Will there be a fix soon? Are you working on it? Is there any workaround? Matti To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
