[26395] in bugtraq
Re: Hoax Exploit
daemon@ATHENA.MIT.EDU (Tom Fischer)
Mon Jul 29 22:29:52 2002
Date: Mon, 29 Jul 2002 21:15:40 +0200
From: Tom Fischer <Tom.Fischer@rus.uni-stuttgart.de>
To: John Korsak <jkorsak@ipswitch.com>
Cc: bugtraq@securityfocus.com
Message-ID: <20020729191540.GA13425@helpdesk>
Reply-To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <00aa01c23716$304a0240$5303159c@lex.ipswitch.com>
Hi,
On Mon, Jul 29, 2002 at 11:39:55AM -0400, John Korsak wrote:
> We have been unable to duplicate the problem and the code attached to the
> above message is unknown in nature. We suspect that the "patch" released in
> the message is actually designed to open a vulnerability. At this time we
> are advising our users that this advisory is a hoax and to not apply the
> patch. I would like to request that the message be removed to prevent
> further confusion. Thank you.
can't duplicate the remote code execution but the IMail Web Service (v.
7.11 - 2002.06.17.24) crashed cause of the GET request (DoS attack)
--
Tom Fischer Tom.Fischer@rus.uni-stuttgart.de
RUS-CERT University of Stuttgart Tel:+49 711 685-8076 / -5898 (fax)
Allmandring 30, D-70550 Stuttgart http://cert.uni-stuttgart.de/
