
Re: Buffer overflow in BusinessMail email server system 4.60.00



iant@xxxxxxxxxxxx wrote:
This problem was corrected within 14 days, and a new SMTP server was provided 
on our web site. This was back in 2005, we are now almost TWO YEARS ON, and you 
still claim it is a problem.


It is unclear who "you" is supposed to be here. I'm guessing this is the vulnerability referred to by:

OSVDB 18407
CVE 2005-2472
ISS 21636
Secunia 16306
Bugtraq 14434

None of these indicate a solution is available.

The Mail List post reporting this vulnerability was http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0002.html

In the post, it says that a patch will soon be available. A quick glance at the download page at http://www.netcplus.com/downloads.html doesn't reveal a link to download the patch for 4.6. I also don't see any advisory for users of 4.6 that a patch is available.

We will be happy to update our entry at osvdb.org, after verifying that a patch exists for 4.6, and an upgrade to 4.7 also solves the problem. Is that correct?

Thanks,
Steve Tornio
osvdb.org

You **were** notified of the release of the fix, and we have many other 
confirmations that it is indeed a good fix.

We are now at 4.7 of BusinessMail, and that also still blocks this 
"vulnerability", and yet you continue to publish out of date and inaccurate 
information as being the truth.

Kindly update your published information as relevant to reflect the true facts 
of this buglet.

You can download an evaluation BusinessMail system from our web site to test 
this for yourself if you still do not believe us.

Thank You