Re: Hoax Exploit

[Tom Fischer <Tom.Fischer () rus uni-stuttgart de>]

Hi,

On Mon, Jul 29, 2002 at 11:39:55AM -0400, John Korsak wrote:
> We have been unable to duplicate the problem and the code attached to the
> above message is unknown in nature.  We suspect that the "patch" released in
> the message is actually designed to open a vulnerability.  At this time we
> are advising our users that this advisory is a hoax and to not apply the
> patch.  I would like to request that the message be removed to prevent
> further confusion.  Thank you.
can't duplicate the remote code execution but the IMail Web Service (v.
7.11 - 2002.06.17.24) crashed cause of the GET request (DoS attack)

-- 
Tom Fischer                              Tom.Fischer () rus uni-stuttgart de
RUS-CERT University of Stuttgart       Tel:+49 711 685-8076 / -5898 (fax)
Allmandring 30, D-70550 Stuttgart           http://cert.uni-stuttgart.de/