CERT Advisory CA-2003-07.html
[278 byte] By [ArshadNoor] at [2007-11-25 9:04:40] 
Is Messaging Server 5.x vulnerable to the buffer overflow problem described in the above-mentioned advisory? (http://www.cert.org/advisories/CA-2003-07.html). Sun has already put out a patch for the sendmail binary that ships on Solaris, but what about MS?
I got this reply from support yesterday:
In regards to your cert advisory
ca-2003-07 (
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F51181&zone_32=ca- 2003-07)
this does not affect the iplanet Messenger Server mail client. This only affects solaris boxes that are running the sendmail that is installed with the O.S. I have double checked on this. I have talked to upper level techs
about this and the iMs 5.2 is not affected by this.
Mark Woolever at 2007-7-1 16:02:34 >
Also, fwiw, I think the iMS imta is has no resemblance to sendmail. The other dudes here might be able to talk about this in great detail.
Mark Woolever at 2007-7-1 16:02:34 >
I dont think it is at all related. the IMS 5.x MTA is taken from the Sun SIMS MTA.
navin504 at 2007-7-1 16:02:34 >
I realize the MTA code is different from sendmail's, but the exploit (or some variation of it) might still work on the MTA. After all, the MTA has to support all functional capabilities of sendmail, so there is a small probability that it might work. The people who have access to the source (Sun Engineering) should test the exploit rapidly and put out an official statement whether MS users need do anything to mitigate this risk. Barring an official statement, every MS site is left in the dark and could potentially be compromised.
Arshad Noor at 2007-7-1 16:02:34 >
I agree with Arshad. Sun, whats up ?
Mark Woolever at 2007-7-1 16:02:34 >
E-Mail, Calendar, & Collaboration New Topic
E-Mail, Calendar, & Collaboration Hot Topic
- Message Store on one machine, MTA, web, etc on other
- Constant Timeouts on IMS5.2p1
- WINDOWS 2000-Can't Do Fresh Install of MSG 5.2
- Calendar Server / Apple iCal Integration
- Migration Procedure for NMS4.15p7(NDS4.16) to iMS5.2(IDS5.1)
- SSL Cert. Request with multiple CNs?
- SSL/TLS support in Calendar Server 5.1.1?
- Anyone get IMS 5.2 working with DS 5.1?
E-Mail, Calendar, & Collaboration
All Classified
- Archived Forums
- Enterprise & Remote Computing
- Java Essentials
- Desktop
- Core
- Solaris Operating System
- Security
- Database Connectivity
- Java Mobility Forums
- Web & Directory Servers
- Development Tools
- Application & Integration Servers
- Java HotSpot Virtual Machine
- Other Topics
- E-Mail, Calendar, & Collaboration
- Developer Tools
- General
- Administration Tools
- Sun Hardware
- Storage Forums
- Java Enterprise System
- StarOffice
- Open Source Technologies
- BigAdmin
- Real-Time
- Java Coding