Reply to: Ed Taylor
Re: [IMail Forum] DoS vulnerability on Imail 5.x/6.x on Tuesday 9:53:10 AM
From: Roger Heath [EMAIL PROTECTED]
This is a new one, from what I can tell. I asked about the Imonitor
one in January and never saw a Ipswitch release on it ever, unless I
missed it? (see below)
E> Still no word on a fix? With all these IPSwitch people answering the
E> small/easy questions why isn't the BIG one being resolved or even
E> acknowledged?
E> IPSwitch please fix your DoS vulnerability issue.
E> http://www.securityfocus.com/bid/1094
> Wed, 12 Jan 2000 16:49:58 -0600
> Date: Wed, 12 Jan 2000 16:49:57 -0600
> From: Roger Heath <[EMAIL PROTECTED]>
> Subject: [IMail Forum] NTMag Imail Article
> This just came out on NTMag's Email Bulletins...
>
> Would be curious what Ipswitch recommends as a fix or strategy
> for this. Obviously this is minor if it is not a crucial service
> to run. I simply turned it off... and I am not sure it was needed
> here at any time any way..
>
> ===================================================================
> * IMAIL IMONITOR SUBJECT TO DENIAL OF SERVICE
> UssrLabs discovered a denial of service (DoS) condition in IPSwitch's
> IMail IMonitor Server 5.08 for Windows NT. The problem might also
> affect other versions of the software.
> Within Imonitor, a CGI script called status.cgi determines whether
> the server services are running. By executing the script many times in
> a short time period, IMonitor will crash, citing an Invalid Memory
> Address error. IPSwitch is aware of the problem but has not responded
> at the time of this writing.
> http://www.ntsecurity.net/go/load.asp?iD=/security/imonitor.htm
>
> --
--
bcnu
www.rleeheath.com
Roger Heath [EMAIL PROTECTED]
advanced internet services and software technology
advanced concepts in emergency medical technology
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
