[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: Clearswift Mimesweeper Path Traversal Vulnerability
From:       Pete Simpson <pete.simpson () clearswift ! com>
Date:       2004-08-11 20:19:17
Message-ID: 20040811201917.2551.qmail () www ! securityfocus ! com
[Download RAW message or body]

In-Reply-To: <20040811154715.31487.qmail@mail2.securityfocus.com>

Two important points of clarification are needed.

Firstly, the vulnerability as described should refer specifically to the MIMEsweeper \
for Web product. It does not apply to the MAILsweeper for SMTP product.

Secondly, this vulneraility was fixed at MIMEsweeper for Web v. 5.0.4 in Feb. 2004. \
The current version is 5.0.5. The vulnerability reported by Pierre Kroma was found on \
a copy of v.5.0.1 (a year old).

Solution: Upgrade to 5.0.5 (17 June 2004)
http://www.clearswift.com/support/msw/patch_MswWeb.aspx

Pete Simpson
ThreatLab Manager
Clearswift
The MIMEsweeper Company


[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic