Hi, On Mon, Jul 29, 2002 at 11:39:55AM -0400, John Korsak wrote: > We have been unable to duplicate the problem and the code attached to the > above message is unknown in nature. We suspect that the "patch" released in > the message is actually designed to open a vulnerability. At this time we > are advising our users that this advisory is a hoax and to not apply the > patch. I would like to request that the message be removed to prevent > further confusion. Thank you. can't duplicate the remote code execution but the IMail Web Service (v. 7.11 - 2002.06.17.24) crashed cause of the GET request (DoS attack) -- Tom Fischer Tom.Fischer@rus.uni-stuttgart.de RUS-CERT University of Stuttgart Tel:+49 711 685-8076 / -5898 (fax) Allmandring 30, D-70550 Stuttgart http://cert.uni-stuttgart.de/
