Full Disclosure mailing list archives
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
From: "Mike Owen" <kyphros () gmail com>
Date: Thu, 23 Mar 2006 10:40:20 -0800
On 3/23/06, Gadi Evron <ge () linuxbox org> wrote:
Tech details: Sendmail vulnerabilities were released yesterday. No real public announcements to speak of to the security community.
<snip>
Public announcement ------------------- FreeBSD were the only ones who released a public announcement of a patch and emailed it to bugtraq so far.
<snip> Not sure what you mean by no advisories from the major distros. The CERT advisory went out at about 1700GMT. At the same time, RedHat sent out their notices, Mandrake, SUSE and Gentoo were within a few hours. Debian and Sun had updates within 24 hours. I'd say that covers the major players, and all of them were sent out by the time you sent your email. If you mean specifically Bugtraq (tm) postings, then you're right, they haven't been released by the moderators of that list yet. Bugtraq is what a moderated FD would look like, which is why it's not anywhere near as popular or useful as it was back in the Aleph1 netspace.org days. While I agree with you that this vulnerability should have more publicity then it does, I don't think everything is quite as gloomy as you're making it sound. Mike _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 23)
- trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron (Mar 23)
- Re: trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Valdis . Kletnieks (Mar 24)
- Re: trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron (Mar 24)
- Re: trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Valdis . Kletnieks (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mike Owen (Mar 23)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Dragos Ruiu (Mar 23)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Theo de Raadt (Mar 23)
- Re: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) purplebag (Mar 23)
- Re: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Blue Boar (Mar 23)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 24)
- Re: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Tim (Mar 24)
- RE: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Michael A Fusaro II (Mar 24)
- Re: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Anders B Jansson (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Casper . Dik (Mar 25)
(Thread continues...)
- trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron (Mar 23)