The List has returned!
Frank Wiles
frank at wiles.org
Thu Jul 31 18:20:27 CDT 2003
On Thu, 31 Jul 2003 12:52:28 -0500 (CDT)
Gerald Combs <gerald at ethereal.com> wrote:
> On Thu, 31 Jul 2003, Frank Wiles wrote:
>
> > Also, the days when Sendmail was a big security risk are pretty
> > much gone. Yes, I will admit it has had a checkered past, but
> > honestly, how many Sendmail-specific security holes have there been
> > in the last year?
>
> According to cve.mitre.org, there have been several:
>
> http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sendmail
>
> Granted, most of these are specific to a particular OS or distribution
> but at least one (CAN-2002-1337) features a remote buffer overflow.
>
I see three listed for 2003, two of which appear to be distribution/OS
specific. The other is a DoS with possible execution of arbitrary commands.
Personally, I don't see this warranting the continued bad reputation
Sendmail has. I've been running Sendmail in real-world production
environments for years without any trouble.
---------------------------------
Frank Wiles <frank at wiles.org>
http://frank.wiles.org
---------------------------------