September 5, 2002 On August 19, Ensim notified its customers regarding a security issue with versions of WEBppliance 3.0.0 to 3.1.0. This issue allows one user in a virtual domain to take over receiving e-mail from another user in the same domain by creating an alias with the name of that user. Ensim released a patch that addressed this issue however we received feedback that you could bypass this by prepending a quote to the end of the alias. We've updated our patch to address this issue. Another description of this security issue can also be found at: http://securitytracker.com/alerts/2002/Aug/1004938.html Solution: 1) Download the patch to your WEBppliance 2) Verify the md5sum: d40bf046cabdd3abfec25c6ce26cf6e1 3) Apply the patch: tar -xvzf virtuser_hijack_3.1.0_p4.tar.gz 4) Restart WEBppliance: /etc/rc.d/init.d/webppliance safestop /etc/rc.d/init.d/webppliance start