JJ,

Very good point. IMHO I would consult IPSwitch directly for these concerns. This list is viewed by perhaps thousands of people and I would hate to divulge any information that could be used for wrongful purposes (on or off list).

cheers,
~Rick

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of
> [EMAIL PROTECTED]
> Sent: Monday, July 07, 2003 1:08 PM - FamHost
> To: [EMAIL PROTECTED]
> Subject: RE: [IMail Forum]vulnerabilities
>
>
> Thank you for pointing that out rich.
>
> But, what if someone wrote a creative script, and got around it? Is it
> possible?
>
> For instance, by uploading an asp attachment with the following:
>
> POST /Xafa79e9e9a9e9fce9cee0e4274/sendmail.39770.cgi HTTP/1.1
> Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
> application/vnd.ms-excel, application/vnd.ms-powerpoint,
> application/msword, application/x-shockwave-flash, */*
> Referer:
> http://mail.mydomain.com:8383/Xafa79e9e9a9e9fce9cee0e4274/button.cgi
> Accept-Language: en-us
> Content-Type: multipart/form-data;
> boundary=---------------------------7d31a022a0152
> Accept-Encoding: gzip, deflate
> User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
> Host: mail.mydomain.com:8383
> Content-Length: 10114
> Connection: Keep-Alive
> Cache-Control: no-cache
> Cookie: myImailSessionKey=/Xafa79e9e9a9e9fce9cee0e4274;
> myImailSessionNumber=22394; IMail_UserId=test; IMail_password=; myICal
>
> If called remotely, couldn't that open up some problems for an
> administrator? Is there an exception that if the ip addresses do not
> revolve, then this problem might persist with such a script sitting in a
> imail/spool/web folder?
>
> J.J. Beatrice, President
> Commandline Media, LLC
> http://www.commandlinemedia.com/
> 877-306-8777 TF
> California
> 310-306-8777 T
> 310-306-0887 F
> Ohio
> 440-684-0483 T/F
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Rick Leske
> Sent: Monday, July 07, 2003 6:44 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [IMail Forum]vulnerabilities
>
> Well if you would bother reading the link you posted you would know that
> there are no known issues.
>
> ~Rick
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] Behalf Of
> > [EMAIL PROTECTED]
> > Sent: Monday, July 07, 2003 10:03 AM - FamHost
> > To: [EMAIL PROTECTED]
> > Subject: [IMail Forum]vulnerabilities
> >
> >
> > To Whom It May Concern:
> >
> > What is the status of the vulnerabilities described here?
> >
> > http://cert.uni-stuttgart.de/archive/bugtraq/2001/10/msg00082.html
> >
> > As administrators, should we purge any questionable items in the
> > imail/spool/web directory?
> >
> > What would ipswitch recommend?
> >
> >
> > J.J. Beatrice, President
> > Commandline Media, LLC
> > http://www.commandlinemedia.com/
> > 877-306-8777 TF
> > California
> > 310-306-8777 T
> > 310-306-0887 F
> > Ohio
> > 440-684-0483 T/F
