Re: [IMail Forum] Fwd: IpSwitch IMAP Server LOGON stack overflow

Bill Landry Fri, 10 Jun 2005 14:10:40 -0700

Weren't these issues addressed in 8.15 HF2? Here is what was fixed in HF2,for both 8.15 & 8.2 verisons of IMail(http://www.ipswitch.com/support/imail/releases/imail_professional/index.html):


IMail Server 8.15 Hotfix 2 - May 23, 2005

This hotfix fixes various IMAP4D32, SMTPD32, QUEUEMGR and Web Calendaringissues. These were found and fixed with the help of iDEFENSE, Inc.

For more information see http://idefense.com.


And found at : http://support.ipswitch.com/kb/IC-20050429-DM01.htm

Question/Problem: What does Hot Fix 2 fix?
Answer/Solution:

 a.. IMAP4D32: Fixed crash when malicious LSUB encountered.

b.. IMAP4D32: Fixed crash when SELECTing mailbox name with close to 256characters.

 c.. IMAP4D32: Fixed crash when LOGIN userid was excessively long.
 d.. IMAP4D32: Fixed crash when STATUS mailbox name was excessively long.
 e.. QUEUEMGR: Fixed bug causing log information to be saved to wrong file.

f.. Web Calendaring: Removed vulnerability whereby user could read serverfiles using ....\ in GET


Bill

----- Original Message -----From: "Joe Wolf" <[EMAIL PROTECTED]>

To: <[email protected]>
Sent: Friday, June 10, 2005 1:17 PM
Subject: Re: [IMail Forum] Fwd: IpSwitch IMAP Server LOGON stack overflow

The vulnerable versions are published at:
http://www.securityfocus.com/bid/13727
It does not list 7.15 (closest is 7.12) but I don't know why 7.15 wouldnot be vulnerable. Not saying that it is, would seem logical that it isvulnerable.
-Joe
----- Original Message -----From: "Michael Hoyt" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, June 10, 2005 2:21 PM
Subject: Re: [IMail Forum] Fwd: IpSwitch IMAP Server LOGON stack overflow
Are those of us running 7.15 vulnerable. I seem to remember an URL linkinan earlier thread about this vulnerability that omitted version 7.15 inthe
list of vulnerable versions (perhaps that was an oversight).  If 7.15 is
vulnerable, will there be a hotfix or are we scr*wed?

Michael Hoyt
Communication Arts
110 Constitution Drive
Menlo Park, CA  94025
(650) 326-6040  fax:(650) 326-1648

e-mail: [EMAIL PROTECTED]
Web Site: http://www.commarts.com
----- Original Message -----From: "Russ Uhte" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Friday, June 10, 2005 6:43 AM
Subject: Re: [IMail Forum] Fwd: IpSwitch IMAP Server LOGON stack overflow



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive:http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/



To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/

Re: [IMail Forum] Fwd: IpSwitch IMAP Server LOGON stack overflow

Reply via email to