Re: [Declude.JunkMail] [Declude.JunkMail] IMail 2006.2
It's good practice to not release details of a vulnerability until the vulnerability is patched. Because IMail has been around for so long and has a large installed base, they are a frequent target. It would also appear that there are some security people that like to focus on IMail and are uncovering such things (people contributing to iDefense in this case). The attack vector appears quite minimal as the notes indicate that you have to browse to a site with the exploit from the server that has IMail installed on it. Matt John T (lists) wrote: Interesting. I guess those were not previously publicly disclosed. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike N Sent: Monday, February 12, 2007 11:43 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] [Declude.JunkMail] IMail 2006.2 >From the release notes - Addressed the following security vulnerabilities (identified by iDefense Labs): [IDEF2159] IMailServer.WebConnect Buffer Overflow Vulnerability [IDEF2160] IMail Server 2006 IMailLDAPService.Sync3 Heap Overflow Vulnerability [IDEF2161] IMail Server 2006 IMailLDAPService.Init3 Heap Overflow Vulnerability [IDEF2162] IMail Server 2006 IMailServer.Connect Buffer [IDEF2163] IMail Server 2006 IMailUserCollection.SetReplyTo Buffer Overflow Vulnerability Remote exploitation of an ActiveX control buffer overflow vulnerability in IMail Server 2006 could allow attackers to execute arbitrary code with the credentials of the user visiting a malicious website. To exploit this issue, a user would have to visit a malicious website from a computer with IMail Server installed on it.The vulnerable component is also likely installed with any IPSwitch product that includes the IMail Server. This includes products such as its Collaboration Suite packages. - Original Message - From: "John T (lists)" <[EMAIL PROTECTED]> To: Sent: Monday, February 12, 2007 2:16 PM Subject: RE: [Declude.JunkMail] [Declude.JunkMail] IMail 2006.2 What vulnerability in 2006.1 are you referring to? AFAIK, there is none. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike N Sent: Monday, February 12, 2007 9:44 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 Especially since 2006.2 fixes a vulnerabilty in 2006.1 - we'll have to roll it out quickly. - Original Message - From: "Scott Fisher" <[EMAIL PROTECTED]> To: Sent: Monday, February 12, 2007 12:28 PM Subject: Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 It would be nice to know. - Original Message - From: "David Barker" <[EMAIL PROTECTED]> To: Sent: Monday, February 12, 2007 11:05 AM Subject: RE: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 We have not tested against IMail 2006.2 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] [Declude.JunkMail] IMail 2006.2
Interesting. I guess those were not previously publicly disclosed. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike N Sent: Monday, February 12, 2007 11:43 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] [Declude.JunkMail] IMail 2006.2 >From the release notes - Addressed the following security vulnerabilities (identified by iDefense Labs): [IDEF2159] IMailServer.WebConnect Buffer Overflow Vulnerability [IDEF2160] IMail Server 2006 IMailLDAPService.Sync3 Heap Overflow Vulnerability [IDEF2161] IMail Server 2006 IMailLDAPService.Init3 Heap Overflow Vulnerability [IDEF2162] IMail Server 2006 IMailServer.Connect Buffer [IDEF2163] IMail Server 2006 IMailUserCollection.SetReplyTo Buffer Overflow Vulnerability Remote exploitation of an ActiveX control buffer overflow vulnerability in IMail Server 2006 could allow attackers to execute arbitrary code with the credentials of the user visiting a malicious website. To exploit this issue, a user would have to visit a malicious website from a computer with IMail Server installed on it.The vulnerable component is also likely installed with any IPSwitch product that includes the IMail Server. This includes products such as its Collaboration Suite packages. - Original Message - From: "John T (lists)" <[EMAIL PROTECTED]> To: Sent: Monday, February 12, 2007 2:16 PM Subject: RE: [Declude.JunkMail] [Declude.JunkMail] IMail 2006.2 What vulnerability in 2006.1 are you referring to? AFAIK, there is none. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike N Sent: Monday, February 12, 2007 9:44 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 Especially since 2006.2 fixes a vulnerabilty in 2006.1 - we'll have to roll it out quickly. - Original Message - From: "Scott Fisher" <[EMAIL PROTECTED]> To: Sent: Monday, February 12, 2007 12:28 PM Subject: Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 > It would be nice to know. > > - Original Message - > From: "David Barker" <[EMAIL PROTECTED]> > To: > Sent: Monday, February 12, 2007 11:05 AM > Subject: RE: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 > > >> We have not tested against IMail 2006.2 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] [Declude.JunkMail] IMail 2006.2
From the release notes - Addressed the following security vulnerabilities (identified by iDefense Labs): [IDEF2159] IMailServer.WebConnect Buffer Overflow Vulnerability [IDEF2160] IMail Server 2006 IMailLDAPService.Sync3 Heap Overflow Vulnerability [IDEF2161] IMail Server 2006 IMailLDAPService.Init3 Heap Overflow Vulnerability [IDEF2162] IMail Server 2006 IMailServer.Connect Buffer [IDEF2163] IMail Server 2006 IMailUserCollection.SetReplyTo Buffer Overflow Vulnerability Remote exploitation of an ActiveX control buffer overflow vulnerability in IMail Server 2006 could allow attackers to execute arbitrary code with the credentials of the user visiting a malicious website. To exploit this issue, a user would have to visit a malicious website from a computer with IMail Server installed on it.The vulnerable component is also likely installed with any IPSwitch product that includes the IMail Server. This includes products such as its Collaboration Suite packages. - Original Message - From: "John T (lists)" <[EMAIL PROTECTED]> To: Sent: Monday, February 12, 2007 2:16 PM Subject: RE: [Declude.JunkMail] [Declude.JunkMail] IMail 2006.2 What vulnerability in 2006.1 are you referring to? AFAIK, there is none. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike N Sent: Monday, February 12, 2007 9:44 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 Especially since 2006.2 fixes a vulnerabilty in 2006.1 - we'll have to roll it out quickly. - Original Message - From: "Scott Fisher" <[EMAIL PROTECTED]> To: Sent: Monday, February 12, 2007 12:28 PM Subject: Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 It would be nice to know. - Original Message - From: "David Barker" <[EMAIL PROTECTED]> To: Sent: Monday, February 12, 2007 11:05 AM Subject: RE: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 We have not tested against IMail 2006.2 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] [Declude.JunkMail] IMail 2006.2
AFAIK, there is no change in the SMTP service in IMail 2006.2 compared to IMail 2006.1, so there will be no problem running any version of Declude on 2006.2 that runs on 2006.1. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephan Sent: Monday, February 12, 2007 9:03 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 Has anyone tested declude (latest version) with imail 2006.2 (it is available from the ipswitch preview forum and is scheduled for release on March 6)? Any issues? I emailed Declude support to ask if it had been tested but didn't get a response. Thanks. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] [Declude.JunkMail] IMail 2006.2
What vulnerability in 2006.1 are you referring to? AFAIK, there is none. John T -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mike N Sent: Monday, February 12, 2007 9:44 AM To: declude.junkmail@declude.com Subject: Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 Especially since 2006.2 fixes a vulnerabilty in 2006.1 - we'll have to roll it out quickly. - Original Message - From: "Scott Fisher" <[EMAIL PROTECTED]> To: Sent: Monday, February 12, 2007 12:28 PM Subject: Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 > It would be nice to know. > > - Original Message - > From: "David Barker" <[EMAIL PROTECTED]> > To: > Sent: Monday, February 12, 2007 11:05 AM > Subject: RE: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 > > >> We have not tested against IMail 2006.2 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2
We’re using it, no observed problems. Latest Declude / Sniffer / Imail 2006.2 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephan Sent: Monday, February 12, 2007 11:03 AM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 Has anyone tested declude (latest version) with imail 2006.2 (it is available from the ipswitch preview forum and is scheduled for release on March 6)? Any issues? I emailed Declude support to ask if it had been tested but didn't get a response. Thanks. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2
Especially since 2006.2 fixes a vulnerabilty in 2006.1 - we'll have to roll it out quickly. - Original Message - From: "Scott Fisher" <[EMAIL PROTECTED]> To: Sent: Monday, February 12, 2007 12:28 PM Subject: Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 It would be nice to know. - Original Message - From: "David Barker" <[EMAIL PROTECTED]> To: Sent: Monday, February 12, 2007 11:05 AM Subject: RE: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 We have not tested against IMail 2006.2 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
Re: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2
It would be nice to know. - Original Message - From: "David Barker" <[EMAIL PROTECTED]> To: Sent: Monday, February 12, 2007 11:05 AM Subject: RE: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 We have not tested against IMail 2006.2 David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephan Sent: Monday, February 12, 2007 12:03 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 Has anyone tested declude (latest version) with imail 2006.2 (it is available from the ipswitch preview forum and is scheduled for release on March 6)? Any issues? I emailed Declude support to ask if it had been tested but didn't get a response. Thanks. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
RE: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2
We have not tested against IMail 2006.2 David Barker Director of Product Management Your Email security is our business 978.499.2933 office 978.988.1311 fax [EMAIL PROTECTED] From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephan Sent: Monday, February 12, 2007 12:03 PM To: declude.junkmail@declude.com Subject: [Declude.JunkMail] [Declude.JunkMail] Imail 2006.2 Has anyone tested declude (latest version) with imail 2006.2 (it is available from the ipswitch preview forum and is scheduled for release on March 6)? Any issues? I emailed Declude support to ask if it had been tested but didn't get a response. Thanks. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.