Bugtraq mailing list archives

Re: Sendmail 8.6.9

From: perry () imsi com (Perry E. Metzger)
Date: Wed, 15 Feb 1995 08:23:16 -0500


Tom Fitzgerald says:

There are massive holes in IDA that are fixed by 8.6.9; anyone telling
you the reverse is tugging very hard on your lower appendages.


Could you be a little more specific - particularly concerning 5.67b+IDA1.5?
There were definitely security bugs in 5.65c+IDA1.4.4.1, that were fixed
with some emergency patches that were later merged in with 5.67, but I
haven't heard of anything more recent.

At the very least, are these problems that can be fixed by using smrsh?


I believe all the known external holes are fixed with smrsh; I am
unsure as to whether that IDA still suffers from the debug option
bug. In any case, I'd say that claims to the effect that 8.6.9 has
known holes that IDA does not have are spurious. I didn't really
intend to trash IDA per se or anything.

Perry

Current thread:

Re: Vulnerability in NCSA HTTPD 1.3, (continued)
- - - Re: Vulnerability in NCSA HTTPD 1.3 Robert M. Haas (Feb 14)
    - Re: Vulnerability in NCSA HTTPD 1.3 Christopher Davis (Feb 16)
  - Fixing the NCSA HTTPD 1.3 Thomas Lopatic (Feb 14)
    - Re: Fixing the NCSA HTTPD 1.3 Paul 'Shag' Walmsley (Feb 15)
    - Re: Fixing the NCSA HTTPD 1.3 Rens Troost (Feb 15)
    - Re: Fixing the NCSA HTTPD 1.3 Paul 'Shag' Walmsley (Feb 15)
    - For NCSA Http_1.05a Everett F Batey WA6CRE (Feb 15)
  - Sendmail 8.6.9 Nathan Lawson (Feb 14)
    - Re: Sendmail 8.6.9 Perry E. Metzger (Feb 14)
    - Re: Sendmail 8.6.9 Tom Fitzgerald (Feb 14)
    - Re: Sendmail 8.6.9 Perry E. Metzger (Feb 15)
  - Re: Vulnerability in NCSA HTTPD 1.3 Thomas Roessler (Feb 14)
  - Re: Vulnerability in NCSA HTTPD 1.3 Hannu Martikka (Feb 14)
- Re: Vulnerability in NCSA HTTPD 1.3 Edy (Feb 14)