[Gllug] I found this link
Mike Brodbelt
mike at coruscant.demon.co.uk
Wed Sep 26 02:26:50 UTC 2001
Dean wrote:
>
> On Sun, Sep 23, 2001 at 05:31:06PM +0100, Bruce Richardson wrote:
> > Sendmail did have a major code audit a while back and there haven't been
> > any major exploits since but the fact remains that it is far more
> > complex and so runs a higher risk of improper configuration leading to
> > exposure.
>
> Like this?
>
> http://www.securityfocus.com/news/244
>
> Needs a negligent admin to be exploited but judging by last weeks http
> traffic on the net we have plenty of those :)
Needs local shell access to the box. Fix available. Will not happen
again, as 8.12 no longer runs as root. Only significant hole since pre
8.8.8 days, which isn't too bad. Compared to BIND, it's positively
ironclad :-). And people whine about sendmail far more than they whine
about BIND.
Mike.
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list