SecurityFocus - reference: bugtraq id 689 (fwd)

From: Alfred Huger (ahat_private)
Date: Tue Oct 05 1999 - 10:15:55 PDT

Next message: Jim Frost: "Re: MicroImages MIX X Server"

Previous message: Wietse Venema: "Re: Fix for ssh-1.2.27 symlink/bind problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

---------- Forwarded message ----------
Date: Tue, 5 Oct 1999 10:54:52 -0600
From: Doug Lemaire <dougat_private>
To: "'vuldbat_private'" <vuldbat_private>
Subject: SecurityFocus - reference: bugtraq id 689

A customer of ours pointed out that this item was in your database.

http://www.securityfocus.com/level2/?go=vulnerabilities%26id=689

We have been aware of this issue for some time, and want to provide more
information about it to your for your database.

Our evaluation web server is generally used for a short time while customers
are evaluating the software.  Production systems should use IIS or Netscape
Enterprise/FastTrack web servers, as you correctly reference and as we
recommend to all our customers.

Again, this Web server is installed and set up to be launched when TeamTrack
is installed ONLY IF one of the recommended Web servers (IIS or Netscape
Enterprise/FastTrack) is not already installed on the target computer,
greatly minimizing the risk of the web server being enabled on a production
computer.

Notwithstanding the above, at TeamShare we take security very seriously.
Even though this situation only manifests itself rarely, we have resolved
the problem in our TeamTrack 4.0 software, entering beta now.  This software
version should be generally available during January 2000.  In the meantime,
customers and evaluators of the TeamTrack software can check to ensure that
the TeamTrack Web Server is not running by disabling the TeamTrack Web
Server service in Windows NT, and uninstalling the software from any Windows
95 or 98 computers not currently evaluating the software.  Evaluations on
all platforms can be performed using the Microsoft Personal Web Server,
freely downloadable and without risk of this type of attack - instructions
can be found in all readme files provided with the TeamTrack software,
again, as correctly referenced in your on-line report.

Please feel free to have customers contact our support department at
mailto:supportat_private with any followup.

Thank you for the service you provide - and for the prompt update of our
information.

Sincerely,

Doug Lemaire
Senior Software Engineer
TeamShare, Inc.

Next message: Jim Frost: "Re: MicroImages MIX X Server"
Previous message: Wietse Venema: "Re: Fix for ssh-1.2.27 symlink/bind problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:06:42 PDT