On 02/27/2013 10:29 AM, Yahya CyberCloud wrote: > A weakness, a security issue, and multiple vulnerabilities have been > reported in MDaemon, which can be exploited by malicious users to > bypass certain security restrictions and by malicious people to > conduct session hijacking, cross-site request forgery, and script > insertion attacks, manipulate certain data, disclose certain > sensitive information, and cause a DoS (Denial of Service).
> Successful exploitation of this vulnerability requires the "Strip > X-Headers" setting to be enabled. > > The vulnerabilities are reported in versions prior to 13.0.4. > > SOLUTION: > Update to version 13.0.4. Terimakasih, sudah pernah disampaikan di milis ini. http://www.mail-archive.com/[email protected]/msg27116.html -- syafril ------- Syafril Hermansyah MDaemon-L Moderators, running MDaemon 13.0.4 SecurityPlus 4.1.5 Harap tidak cc: atau kirim ke private mail untuk masalah MDaemon. -- --[MDaemon-L]------------------------------------------------ Milis ini untuk Diskusi antar pengguna MDaemon Mail Server. Netiket: http://www.netmeister.org/news/learn2quote Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.co.id Henti Langgan: Kirim mail ke MDaemon-L-unsubscribe [at] dutaint.com Berlangganan: kirim mail ke MDaemon-L-subscribe [at] dutaint.com Versi terakhir MD 13.0.4, SP 4.1.5, BES 2.0.1, OC 2.3.1, SG 2.0.8, PP 2.0.0
