One other thing to mention it looks like HF2 for 8.20 fixes all of the vulnerabilities - the smtpd32 issue looks like that was a bug fix and not part of the vulnerabilities.
a.. IMAP4d32: Fixed crash when malicious LSUB encountered. b.. IMAP4D32: Fixed crash when SELECTing mailbox name with close to 256 characters. c.. IMAP4D32: Fixed crash when LOGIN userid was excessively long. d.. IMAP4D32: Fixed crash when STATUS mailbox name was excessively long. e.. SMTPD32: Fixed bug causing corruption of attached files. f.. QUEUEMGR: Fixed bug causing log information to be saved to wrong file. g.. Web Calendaring: Removed vulnerability whereby user could read server files using ....\ in GET. Darrell ----- Original Message ----- From: "Darrell ([EMAIL PROTECTED])" <[EMAIL PROTECTED]> To: <Declude.JunkMail@declude.com> Sent: Tuesday, May 24, 2005 6:37 PM Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... > It looks like it will be 4 IMAP Vulnerabilties and 1 Web Calendering > vulnerability. > > Darrell > > ------------------------------------------- > invURIBL - Intelligent URI Filtering. Stops 85%+ SPAM with the default > configuration. Download a copy today - http://www.invariantsystems.com > > ----- Original Message ----- > From: "Darin Cox" <[EMAIL PROTECTED]> > To: <Declude.JunkMail@declude.com> > Sent: Tuesday, May 24, 2005 5:33 PM > Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... > > > > Well, I was _trying_ to take the high road...<grin> > > > > Hopefully, as Kevin is suggesting, the webmail vulnerability is only with > > calendaring. > > > > Darin. > > > > > > ----- Original Message ----- > > From: "Matt Robertson" <[EMAIL PROTECTED]> > > To: <Declude.JunkMail@declude.com> > > Sent: Tuesday, May 24, 2005 5:26 PM > > Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... > > > > > > > So, question is... will Ipswitch create hotfixes or workarounds for > > versions > > > before 8.2? Or is everyone forced to upgrade to 8.2? > > > > Wanna make a bet on which? :-) > > > > -- > > --mattRobertson-- > > Janitor, MSB Web Systems > > mysecretbase.com > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
