Full Disclosure mailing list archives

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)


From: "Mike Owen" <kyphros () gmail com>
Date: Thu, 23 Mar 2006 10:40:20 -0800

On 3/23/06, Gadi Evron <ge () linuxbox org> wrote:
Tech details:
Sendmail vulnerabilities were released yesterday. No real public
announcements to speak of to the security community.

<snip>
Public announcement
-------------------
FreeBSD were the only ones who released a public announcement of a patch
and emailed it to bugtraq so far.

<snip>

Not sure what you mean by no advisories from the major distros.

The CERT advisory went out at about 1700GMT. At the same time, RedHat
sent out their notices, Mandrake, SUSE and Gentoo were within a few
hours. Debian and Sun had updates within 24 hours.

I'd say that covers the major players, and all of them were sent out
by the time you sent your email. If you mean specifically Bugtraq (tm)
postings, then you're right, they haven't been released by the
moderators of that list yet. Bugtraq is what a moderated FD would look
like, which is why it's not anywhere near as popular or useful as it
was back in the Aleph1 netspace.org days.

While I agree with you that this vulnerability should have more
publicity than it does, I don't think everything is quite as gloomy as
you're making it sound.

 Mike

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

