JSHNL> So does anyone have any specific information on what versions of iMail JSHNL> are vulnerable, and if iMail 8.14 fixes this? This sounds like a very JSHNL> serious vulnerability, and it's somewhat shocking that there's been no JSHNL> comment from Ipswitch on this yet. If all products prior to XXX version JSHNL> are vulnerable, then they need to release that info ASAP. absolutly yes. I assume it will not be fixed in 8.14
But as stated in Bugtraq, the atacker has to log in with valid credetials first. To mitigate the impact furthermore, I set up a rule on our Intrusion prevention system to disable the delete command with long parameters. I use Tiny Windows Firewall. There is a free trial at http://www.tinysoftware.com/home/tiny2?s=5580796857586989425A0&offer=&pg=content&an=tf6_download Besides the firewall it contains an intrusion detection and preventing system based on (appendable) snort rules. Ipswitch: Will there be a fix soon? Are you working on it? Is there any workaround? Matti To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
