iant@xxxxxxxxxxxx wrote:
This problem was corrected within 14 days, and a new SMTP server was provided on our web site. This was back in 2005, we are now almost TWO YEARS ON, and you still claim it is a problem.
It is unclear who "you" is supposed to be here. I'm guessing this is
the vulnerability referred to by:
OSVDB 18407
CVE 2005-2472
ISS 21636
Secunia 16306
Bugtraq 14434
None of these indicate a solution is available.
The Mail List post reporting this vulnerability was
http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0002.html
In the post, it says that a patch will soon be available. A quick
glance at the download page at http://www.netcplus.com/downloads.html
doesn't reveal a link to download the patch for 4.6. I also don't see
any advisory for users of 4.6 that a patch is available.
We will be happy to update our entry at osvdb.org, after verifying that
a patch exists for 4.6, and an upgrade to 4.7 also solves the problem.
Is that correct?
Thanks,
Steve Tornio
osvdb.org
You **were** notified of the release of the fix, and we have many other confirmations that it is indeed a good fix.
We are now at 4.7 of BusinessMail, and that also still blocks this "vulenrability", and yet you continue to publich out of ate dand inaccurate information as being the truth.
Kindly update your published information as relevant to reflect the true facts of this buglet.
You can download an evaluation BusinessMail system from our web site to test this for yourself if you still do not beleive us.
Thank You
