I agree with Jason and others, and will also underline what the publicly available exploit can do for everyone who spends a few minutes on it (for those who haven't read the code at http://www.securiteam.com/exploits/6G00L0KH5E.html):

Payload Options (for your server!!!)
1 = Share C:\\ as 'Export' Share
2 = Add User 'Error' with Password 'Error'
3 = Win32 Bind CMD to Port 4444
4 = Change Administrator Password to '[EMAIL PROTECTED]'

Well, at least having the server behind a firewall would prevent problems with 1 and 3. Maybe it would also be useful to create a dummy user "error" with another password in order to prevent a successful adduser call. For the same reason it would also be useful to rename the "administrator" account in order to prevent a successful changepass call.

But all this would not really help, as many people around the world are capable of writing other payloads that can do everything on your server, and may already have done so without your knowledge!

The question from the view of an 8.x admin is: would it be a good idea to make Ipswitch's non-reaction widely public (newspapers, newsletters, ...), or maybe better not, in order to let one's own server survive at least some days or weeks longer?

I can't imagine that the expense of an 8.x patch would be really big. So we have to assume that Ipswitch's decision is based on (harshly?) commercial considerations, and so it may be a good idea for as many of us as are affected by these "decisions" to "change things" so that the original decision becomes completely insignificant. I'm sure many of us know people or have access to channels that are ready to publish some interesting news based on facts.

Ipswitch: even if I wanted to, due to many changes and still-existing problems I can't switch to your newest product. Could you provide me an 8.x patch for the cost of a new 2006 license? Do you really intend to do business like this? As an Imail admin from 3.x times on, I know that there are ways to convert your ideas. Do you remember the ImailAdmin GUI bug after the MS patch?

Markus
