iant@xxxxxxxxxxxx wrote:
This problem was corrected within 14 days, and a new SMTP server was provided on our web site. This was back in 2005, we are now almost TWO YEARS ON, and you still claim it is a problem.
It is unclear who "you" is supposed to be here. I'm guessing this is the vulnerability referred to by:
OSVDB 18407 CVE 2005-2472 ISS 21636 Secunia 16306 Bugtraq 14434 None of these indicate a solution is available.The Mail List post reporting this vulnerability was http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0002.html
In the post, it says that a patch will soon be available. A quick glance at the download page at http://www.netcplus.com/downloads.html doesn't reveal a link to download the patch for 4.6. I also don't see any advisory for users of 4.6 that a patch is available.
We will be happy to update our entry at osvdb.org, after verifying that a patch exists for 4.6, and an upgrade to 4.7 also solves the problem. Is that correct?
Thanks, Steve Tornio osvdb.org
You **were** notified of the release of the fix, and we have many other confirmations that it is indeed a good fix. We are now at 4.7 of BusinessMail, and that also still blocks this "vulenrability", and yet you continue to publich out of ate dand inaccurate information as being the truth. Kindly update your published information as relevant to reflect the true facts of this buglet. You can download an evaluation BusinessMail system from our web site to test this for yourself if you still do not beleive us. Thank You