Re: [Declude.JunkMail] IMail Server Vulnerabilities...
Most of our customers that use a calendaring solution use Exchange as an internal server. Darin. - Original Message - From: "Jonathan" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 24, 2005 6:40 PM Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... Huh? What? Not useful? IPSwitch is charging thousands of dollars for that very feature on steroids .. Jonathan Darin Cox wrote: >Was the webmail vulnerability only with web calendaring? We might be able >to get away with turning it off. It hasn't been a very useful product for >our customers, so I doubt many of them are using it. > >I was concerned that there might be vulnerabilities in the main webmail >product... > >Darin. > > >- Original Message - >From: "Kevin Bilbee" <[EMAIL PROTECTED]> >To: >Sent: Tuesday, May 24, 2005 5:26 PM >Subject: RE: [Declude.JunkMail] IMail Server Vulnerabilities... > > >Or turn off IMAP and web calendaring > > >Kevin Bilbee > > > >>-Original Message- >>From: [EMAIL PROTECTED] >>[mailto:[EMAIL PROTECTED] Behalf Of Darin Cox >>Sent: Tuesday, May 24, 2005 12:58 PM >>To: Declude.JunkMail@declude.com >>Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... >> >> >>Thanks for the FYI, Mike. >> >>So, question is... will Ipswitch create hotfixes or workarounds >>for versions >>before 8.2? Or is everyone forced to upgrade to 8.2? >> >>Darin. >> >> >>- Original Message - >>From: "Michael L. Hardrick" <[EMAIL PROTECTED]> >>To: >>Sent: Tuesday, May 24, 2005 3:49 PM >>Subject: [Declude.JunkMail] IMail Server Vulnerabilities... >> >> >>Ipswitch IMail Server Multiple Unspecified Vulnerabilities >>http://www.securityfocus.com/bid/13727?ref=rss >> >>Just a FYI... >> >>--Mike >>--- >>This E-mail came from the Declude.JunkMail mailing list. To >>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >>type "unsubscribe Declude.JunkMail". The archives can be found >>at http://www.mail-archive.com. >> >>--- >>This E-mail came from the Declude.JunkMail mailing list. To >>unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >>type "unsubscribe Declude.JunkMail". The archives can be found >>at http://www.mail-archive.com. >> >> >> >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.JunkMail". The archives can be found >at http://www.mail-archive.com. > >--- >This E-mail came from the Declude.JunkMail mailing list. To >unsubscribe, just send an E-mail to [EMAIL PROTECTED], and >type "unsubscribe Declude.JunkMail". The archives can be found >at http://www.mail-archive.com. > > > > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IMail Server Vulnerabilities...
Oh, right...I didn't read it closely enough to realize it was just web calendaring and not webmail as well. Thanks. Darin. - Original Message - From: "Darrell ([EMAIL PROTECTED])" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 24, 2005 6:37 PM Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... It looks like it will be 4 IMAP Vulnerabilties and 1 Web Calendering vulnerability. Darrell --- invURIBL - Intelligent URI Filtering. Stops 85%+ SPAM with the default configuration. Download a copy today - http://www.invariantsystems.com - Original Message - From: "Darin Cox" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 24, 2005 5:33 PM Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... > Well, I was _trying_ to take the high road... > > Hopefully, as Kevin is suggesting, the webmail vulnerability is only with > calendaring. > > Darin. > > > - Original Message - > From: "Matt Robertson" <[EMAIL PROTECTED]> > To: > Sent: Tuesday, May 24, 2005 5:26 PM > Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... > > > > So, question is... will Ipswitch create hotfixes or workarounds for > versions > > before 8.2? Or is everyone forced to upgrade to 8.2? > > Wanna make a bet on which? :-) > > -- > --mattRobertson-- > Janitor, MSB Web Systems > mysecretbase.com > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IMail Server Vulnerabilities...
One other thing to mention it looks like HF2 for 8.20 fixes all of the vulnerabilities - the smtpd32 issue looks like that was a bug fix and not part of the vulnerabilities. a.. IMAP4d32: Fixed crash when malicious LSUB encountered. b.. IMAP4D32: Fixed crash when SELECTing mailbox name with close to 256 characters. c.. IMAP4D32: Fixed crash when LOGIN userid was excessively long. d.. IMAP4D32: Fixed crash when STATUS mailbox name was excessively long. e.. SMTPD32: Fixed bug causing corruption of attached files. f.. QUEUEMGR: Fixed bug causing log information to be saved to wrong file. g.. Web Calendaring: Removed vulnerability whereby user could read server files using \ in GET. Darrell - Original Message - From: "Darrell ([EMAIL PROTECTED])" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 24, 2005 6:37 PM Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... > It looks like it will be 4 IMAP Vulnerabilties and 1 Web Calendering > vulnerability. > > Darrell > > --- > invURIBL - Intelligent URI Filtering. Stops 85%+ SPAM with the default > configuration. Download a copy today - http://www.invariantsystems.com > > - Original Message - > From: "Darin Cox" <[EMAIL PROTECTED]> > To: > Sent: Tuesday, May 24, 2005 5:33 PM > Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... > > > > Well, I was _trying_ to take the high road... > > > > Hopefully, as Kevin is suggesting, the webmail vulnerability is only with > > calendaring. > > > > Darin. > > > > > > - Original Message ----- > > From: "Matt Robertson" <[EMAIL PROTECTED]> > > To: > > Sent: Tuesday, May 24, 2005 5:26 PM > > Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... > > > > > > > So, question is... will Ipswitch create hotfixes or workarounds for > > versions > > > before 8.2? Or is everyone forced to upgrade to 8.2? > > > > Wanna make a bet on which? :-) > > > > -- > > --mattRobertson-- > > Janitor, MSB Web Systems > > mysecretbase.com > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > > > --- > > This E-mail came from the Declude.JunkMail mailing list. To > > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > > type "unsubscribe Declude.JunkMail". The archives can be found > > at http://www.mail-archive.com. > > > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IMail Server Vulnerabilities...
8.1x has the patch out - I would suggest posting to the Imail list for info on earlier versions? Regards, -Nick Darrell ([EMAIL PROTECTED]) wrote: It looks like it will be 4 IMAP Vulnerabilties and 1 Web Calendering vulnerability. Darrell --- invURIBL - Intelligent URI Filtering. Stops 85%+ SPAM with the default configuration. Download a copy today - http://www.invariantsystems.com - Original Message - From: "Darin Cox" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 24, 2005 5:33 PM Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... Well, I was _trying_ to take the high road... Hopefully, as Kevin is suggesting, the webmail vulnerability is only with calendaring. Darin. - Original Message - From: "Matt Robertson" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 24, 2005 5:26 PM Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... So, question is... will Ipswitch create hotfixes or workarounds for versions before 8.2? Or is everyone forced to upgrade to 8.2? Wanna make a bet on which? :-) -- --mattRobertson-- Janitor, MSB Web Systems mysecretbase.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IMail Server Vulnerabilities...
Huh? What? Not useful? IPSwitch is charging thousands of dollars for that very feature on steroids .. Jonathan Darin Cox wrote: Was the webmail vulnerability only with web calendaring? We might be able to get away with turning it off. It hasn't been a very useful product for our customers, so I doubt many of them are using it. I was concerned that there might be vulnerabilities in the main webmail product... Darin. - Original Message - From: "Kevin Bilbee" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 24, 2005 5:26 PM Subject: RE: [Declude.JunkMail] IMail Server Vulnerabilities... Or turn off IMAP and web calendaring Kevin Bilbee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Darin Cox Sent: Tuesday, May 24, 2005 12:58 PM To: Declude.JunkMail@declude.com Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... Thanks for the FYI, Mike. So, question is... will Ipswitch create hotfixes or workarounds for versions before 8.2? Or is everyone forced to upgrade to 8.2? Darin. - Original Message - From: "Michael L. Hardrick" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 24, 2005 3:49 PM Subject: [Declude.JunkMail] IMail Server Vulnerabilities... Ipswitch IMail Server Multiple Unspecified Vulnerabilities http://www.securityfocus.com/bid/13727?ref=rss Just a FYI... --Mike --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IMail Server Vulnerabilities...
It looks like it will be 4 IMAP Vulnerabilties and 1 Web Calendering vulnerability. Darrell --- invURIBL - Intelligent URI Filtering. Stops 85%+ SPAM with the default configuration. Download a copy today - http://www.invariantsystems.com - Original Message - From: "Darin Cox" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 24, 2005 5:33 PM Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... > Well, I was _trying_ to take the high road... > > Hopefully, as Kevin is suggesting, the webmail vulnerability is only with > calendaring. > > Darin. > > > - Original Message - > From: "Matt Robertson" <[EMAIL PROTECTED]> > To: > Sent: Tuesday, May 24, 2005 5:26 PM > Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... > > > > So, question is... will Ipswitch create hotfixes or workarounds for > versions > > before 8.2? Or is everyone forced to upgrade to 8.2? > > Wanna make a bet on which? :-) > > -- > --mattRobertson-- > Janitor, MSB Web Systems > mysecretbase.com > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IMail Server Vulnerabilities...
Was the webmail vulnerability only with web calendaring? We might be able to get away with turning it off. It hasn't been a very useful product for our customers, so I doubt many of them are using it. I was concerned that there might be vulnerabilities in the main webmail product... Darin. - Original Message - From: "Kevin Bilbee" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 24, 2005 5:26 PM Subject: RE: [Declude.JunkMail] IMail Server Vulnerabilities... Or turn off IMAP and web calendaring Kevin Bilbee > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Darin Cox > Sent: Tuesday, May 24, 2005 12:58 PM > To: Declude.JunkMail@declude.com > Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... > > > Thanks for the FYI, Mike. > > So, question is... will Ipswitch create hotfixes or workarounds > for versions > before 8.2? Or is everyone forced to upgrade to 8.2? > > Darin. > > > - Original Message - > From: "Michael L. Hardrick" <[EMAIL PROTECTED]> > To: > Sent: Tuesday, May 24, 2005 3:49 PM > Subject: [Declude.JunkMail] IMail Server Vulnerabilities... > > > Ipswitch IMail Server Multiple Unspecified Vulnerabilities > http://www.securityfocus.com/bid/13727?ref=rss > > Just a FYI... > > --Mike > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IMail Server Vulnerabilities...
Well, I was _trying_ to take the high road... Hopefully, as Kevin is suggesting, the webmail vulnerability is only with calendaring. Darin. - Original Message - From: "Matt Robertson" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 24, 2005 5:26 PM Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... > So, question is... will Ipswitch create hotfixes or workarounds for versions > before 8.2? Or is everyone forced to upgrade to 8.2? Wanna make a bet on which? :-) -- --mattRobertson-- Janitor, MSB Web Systems mysecretbase.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IMail Server Vulnerabilities...
> So, question is... will Ipswitch create hotfixes or workarounds for versions > before 8.2? Or is everyone forced to upgrade to 8.2? Wanna make a bet on which? :-) -- --mattRobertson-- Janitor, MSB Web Systems mysecretbase.com --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] IMail Server Vulnerabilities...
Or turn off IMAP and web calendaring Kevin Bilbee > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Darin Cox > Sent: Tuesday, May 24, 2005 12:58 PM > To: Declude.JunkMail@declude.com > Subject: Re: [Declude.JunkMail] IMail Server Vulnerabilities... > > > Thanks for the FYI, Mike. > > So, question is... will Ipswitch create hotfixes or workarounds > for versions > before 8.2? Or is everyone forced to upgrade to 8.2? > > Darin. > > > - Original Message - > From: "Michael L. Hardrick" <[EMAIL PROTECTED]> > To: > Sent: Tuesday, May 24, 2005 3:49 PM > Subject: [Declude.JunkMail] IMail Server Vulnerabilities... > > > Ipswitch IMail Server Multiple Unspecified Vulnerabilities > http://www.securityfocus.com/bid/13727?ref=rss > > Just a FYI... > > --Mike > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > > --- > This E-mail came from the Declude.JunkMail mailing list. To > unsubscribe, just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.JunkMail". The archives can be found > at http://www.mail-archive.com. > --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IMail Server Vulnerabilities...
Thanks for the FYI, Mike. So, question is... will Ipswitch create hotfixes or workarounds for versions before 8.2? Or is everyone forced to upgrade to 8.2? Darin. - Original Message - From: "Michael L. Hardrick" <[EMAIL PROTECTED]> To: Sent: Tuesday, May 24, 2005 3:49 PM Subject: [Declude.JunkMail] IMail Server Vulnerabilities... Ipswitch IMail Server Multiple Unspecified Vulnerabilities http://www.securityfocus.com/bid/13727?ref=rss Just a FYI... --Mike --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] IMail Server Vulnerabilities...
- Original Message - From: "Michael L. Hardrick" <[EMAIL PROTECTED]> Ipswitch IMail Server Multiple Unspecified Vulnerabilities http://www.securityfocus.com/bid/13727?ref=rss Though they don't report it, I'm assuming that 8.15 with HF2 is not vulnerable either, since the HF2 patches looks to be the same for both 8.15 and 8.2, with the exception of the SMTPD32 related fix, which probably was not an issue with 8.15. Bill --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
[Declude.JunkMail] IMail Server Vulnerabilities...
Ipswitch IMail Server Multiple Unspecified Vulnerabilities http://www.securityfocus.com/bid/13727?ref=rss Just a FYI... --Mike --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
