There appears to be a definite buffer overflow problem with the HTTP 1.0
protocol that must be corrected. Since the exploit itself could be a
trojan, I haven't had time to instrument and fully run it in the lab except
to note that the success of the exploit may depend on the script kiddie's
local address and port. It can potentially be modified for other
addresses.
I probably won't have time to get to the patch ...agreed, it must be
considered a trojan itself and this exploit would be better blocked upstream
by the firewall.
----- Original Message -----
From: "John A Junod" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, July 28, 2002 8:05 AM
Subject: Re: [IMail Forum] IPSwitch IMail ADVISORY/EXPLOIT/PATCH
> I can't guarantee that this is not true, but our testing group
> did look into it and can't duplicate the error. It appears
> instead that this is simply a trick to get you to run the
> suggested patch. Please don't do that as it did not come from
> Ipswitch. We are still trying to determine exactly what the
> patch will really do to you.
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Please visit the Knowledge Base for answers to frequently asked
questions: http://www.ipswitch.com/support/IMail/
