---------- Forwarded message ---------- Date: Tue, 5 Oct 1999 10:54:52 -0600 From: Doug Lemaire <dougat_private> To: "'vuldbat_private'" <vuldbat_private> Subject: SecurityFocus - reference: bugtraq id 689 A customer of ours pointed out that this item was in your database. http://www.securityfocus.com/level2/?go=vulnerabilities%26id=689 We have been aware of this issue for some time, and want to provide more information about it to your for your database. Our evaluation web server is generally used for a short time while customers are evaluating the software. Production systems should use IIS or Netscape Enterprise/FastTrack web servers, as you correctly reference and as we recommend to all our customers. Again, this Web server is installed and set up to be launched when TeamTrack is installed ONLY IF one of the recommended Web servers (IIS or Netscape Enterprise/FastTrack) is not already installed on the target computer, greatly minimizing the risk of the web server being enabled on a production computer. Notwithstanding the above, at TeamShare we take security very seriously. Even though this situation only manifests itself rarely, we have resolved the problem in our TeamTrack 4.0 software, entering beta now. This software version should be generally available during January 2000. In the meantime, customers and evaluators of the TeamTrack software can check to ensure that the TeamTrack Web Server is not running by disabling the TeamTrack Web Server service in Windows NT, and uninstalling the software from any Windows 95 or 98 computers not currently evaluating the software. Evaluations on all platforms can be performed using the Microsoft Personal Web Server, freely downloadable and without risk of this type of attack - instructions can be found in all readme files provided with the TeamTrack software, again, as correctly referenced in your on-line report. Please feel free to have customers contact our support department at mailto:supportat_private with any followup. Thank you for the service you provide - and for the prompt update of our information. Sincerely, Doug Lemaire Senior Software Engineer TeamShare, Inc.
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:06:42 PDT