Thank you for pointing that out, Rich. But, what if someone wrote a creative script, and got around it? Is it possible?
For instance, by uploading an asp attachment with the following:

POST /Xafa79e9e9a9e9fce9cee0e4274/sendmail.39770.cgi HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash, */*
Referer: http://mail.mydomain.com:8383/Xafa79e9e9a9e9fce9cee0e4274/button.cgi
Accept-Language: en-us
Content-Type: multipart/form-data; boundary=---------------------------7d31a022a0152
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: mail.mydomain.com:8383
Content-Length: 10114
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: myImailSessionKey=/Xafa79e9e9a9e9fce9cee0e4274; myImailSessionNumber=22394; IMail_UserId=test; IMail_password=; myICal

If called remotely, couldn't that open up some problems for an administrator? Is there an exception that if the ip addresses do not revolve, then this problem might persist with such a script sitting in an imail/spool/web folder?

J.J. Beatrice, President
Commandline Media, LLC
http://www.commandlinemedia.com/
877-306-8777 TF
California
310-306-8777 T
310-306-0887 F
Ohio
440-684-0483 T/F

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Rick Leske
Sent: Monday, July 07, 2003 6:44 AM
To: [EMAIL PROTECTED]
Subject: RE: [IMail Forum]vulnerabilities

Well if you would bother reading the link you posted you would know that there are no known issues.

~Rick

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> [EMAIL PROTECTED]
> Sent: Monday, July 07, 2003 10:03 AM - FamHost
> To: [EMAIL PROTECTED]
> Subject: [IMail Forum]vulnerabilities
>
>
> To Whom It May Concern:
>
> What is the status of the vulnerabilities described here?
>
> http://cert.uni-stuttgart.de/archive/bugtraq/2001/10/msg00082.html
>
> As administrators, should we purge any questionable items in the
> imail/spool/web directory?
>
> What would ipswitch recommend?
>
>
> J.J. Beatrice, President
> Commandline Media, LLC
> http://www.commandlinemedia.com/
> 877-306-8777 TF
> California
> 310-306-8777 T
> 310-306-0887 F
> Ohio
> 440-684-0483 T/F
>
>

___________________________________________________________________
Virus Scanned and Filtered by http://www.FamHost.com E-Mail System.

To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
