Alfred Huger
VP of Operations
Security Focus

---------- Forwarded message ----------
Date: Thu, 11 Nov 1999 00:21:46 -0000
From: Dom De Vitto <domat_private>
To: Alfred Huger <ahat_private>
Cc: vuldbat_private
Subject: RE: FTGate vulnerability.

> Dom,
> I am not sure if anyone has responded to you yet, if not, please let me
> apologize, we are pretty busy here right now.

Yea, I know busy, things fall through cracks all the time at my current
contract, but they live with it and it's accepted....

> I will take your notes into the description. Two questions, one do you
> want me to add your name to the credit list, I like to do this but some
> people get a little leery of it. Two, can I fwd this to Bugtraq?

1) I'm easy about getting credit, so if you want to credit me, that's fine.
2) I already sent this to _NT_Bugtraq, but I think my new (non list-reg'd
   address) confused the listbot, so I sent it direct to Russ too - no
   response as yet :(

But feel free to redistribute anything I've written to anywhere. I'm one of
the founders and moderators of comp.lang.c++.moderated, so I've had to make
sure what I say is "suitable for public consumption", even if it's to
private parties - assuming anyone can define 'private' nowadays... :(

Thanks, and keep up the good work!

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto
Secure Technologies Ltd.        Mob. 07971 589 201
mailto:domat_private            Tel. 01202 738 767
http://www.devitto.com          Fax. 08700 548 750
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

-----Original Message-----
From: Alfred Huger [mailto:ahat_private]
Sent: Wednesday, November 10, 1999 8:43 PM
To: Dom De Vitto
Cc: vuldbat_private
Subject: Re: FTGate vulnerability.

Dom,
I am not sure if anyone has responded to you yet, if not, please let me
apologize, we are pretty busy here right now.

I will take your notes into the description. Two questions, one do you
want me to add your name to the credit list, I like to do this but some
people get a little leery of it. Two, can I fwd this to Bugtraq?

Nov 1999, Dom De Vitto wrote:

> Ref:
> http://www.securityfocus.com/level2/?go=vulnerabilities&id=548
>
> This problem was fixed in the next release v2.2, a long time ago.
> The SEVENTH v2.2 service release was released over a month ago, so this
> bug only affects very old FTGate installations.
>
> To solve this problem either upgrade your copy of FTGate to the current
> release (for free), or only bind the web interface to 'trusted' interfaces.
>
> I also think the USSR labs have taken unjustified credit for a bug
> discovered and fixed a long time ago by others - quite possibly by
> examining the 'bug fixed' list for the v2.2 release....
>
> The real "impact" of this is that anyone is likely to be able to read
> anyone's email, including incoming/outgoing mail. POP passwords are also
> available for those with *any* hacking skills at all...
>
> Dom
> PS. I have no relation to FTGate other than being a happy, freeware
> user - & I'm running the "vulnerable" v2.1, but have always only bound
> the web server to 127.0.0.1...
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> Dom De Vitto
> Secure Technologies Ltd.        Mob. 07971 589 201
> mailto:domat_private            Tel. 01202 738 767
> http://www.devitto.com          Fax. 08700 548 750
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>

Alfred Huger
VP of Operations
Security Focus

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:11:14 PDT