Stephan, No, this exploit seems to only exist in version 8.1 and later.
Jason H. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Stephan Moskovic Sent: Wednesday, November 17, 2004 2:26 PM To: [EMAIL PROTECTED] Subject: Re: [IMail Forum] IMail Server 8.14 HF1 Released Hi Jason, Is 8.0x also vulnerable to this exploit? Stephan. At 02:06 PM 11/17/2004, you wrote: >Hi All, > >Just wanted to let you guys know that 8.14 HF1 is now available on the >website. > >http://www.ipswitch.com/support/imail/releases/imail_professional/index.htm l > >Jason H. > >-----Original Message----- >From: [EMAIL PROTECTED] >[mailto:[EMAIL PROTECTED] Behalf Of Matti Haack >Sent: Tuesday, November 16, 2004 5:37 PM >To: Jay Sudowski - Handy Networks, LLC >Subject: Re: [IMail Forum] Possible Exploit: Did 8.14 fix this? > > >JSHNL> So does anyone have any specific information on what versions of >iMail >JSHNL> are vulnerable, and if iMail 8.14 fixes this? This sounds like a >very >JSHNL> serious vulnerability, and it's somewhat shocking that there's been >no >JSHNL> comment from Ipswitch on this yet. If all products prior to XXX >version >JSHNL> are vulnerable, then they need to release that info ASAP. >absolutly yes. I assume it will not be fixed in 8.14 > >But as stated in Bugtraq, the atacker has to log in with valid >credetials first. >To mitigate the impact furthermore, >I set up a rule on our Intrusion prevention system to disable the >delete command with long parameters. >I use Tiny Windows Firewall. There is >a free trial at >http://www.tinysoftware.com/home/tiny2?s=5580796857586989425A0&offer=&pg=co n >tent&an=tf6_download >Besides the firewall it contains an intrusion detection and preventing >system based on (appendable) snort rules. > >Ipswitch: Will there be a fix soon? Are you working on it? Is there >any workaround? > > >Matti > > > >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ > > >To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html >List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ >Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/ To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
