Full Disclosure mailing list archives
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
From: Gadi Evron <ge () linuxbox org>
Date: Fri, 24 Mar 2006 11:53:04 -0600 (CST)
On Thu, 23 Mar 2006, Theo de Raadt wrote:
Sendmail is, as we know, the most used daemon for SMTP in the world. This is an International Infrastructure vulnerability and should have been treated that way. It wasn't. It was handled not only poorly, but irresponsibly.You would probably expect me to the be last person to say that Sendmail is perfectly within their rights. I have had a lot of problems with what they are doing. But what did you pay for Sendmail? Was it a dollar, or was it more? Let me guess. It was much less than a dollar. I bet you paid nothing. So does anyone owe you anything, let alone a particular process which you demand with such length?
So you are basically saying open source free software can't be trusted to hold high standards or be reliable or secure if I don't pay for it?
Now, the same holds true with OpenSSH. I'll tell you what. If there is ever a security problem (again :) in OpenSSH we will disclose it exactly like we want, and in no other way, and quite frankly since noone has ever paid a cent for it's development they have nothing they can say about it. Dear non-paying user -- please remember your place. Or run something else. OK? Luckily within a few months you will be able to tell Sendmail how to disclose their bugs because their next version is going to come out with a much more commercial licence. Then you can pay for it, and then you can complain too.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 23)
- trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron (Mar 23)
- Re: trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Valdis . Kletnieks (Mar 24)
- Re: trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron (Mar 24)
- Re: trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Valdis . Kletnieks (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mike Owen (Mar 23)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Dragos Ruiu (Mar 23)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Theo de Raadt (Mar 23)
- Re: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) purplebag (Mar 23)
- Re: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Blue Boar (Mar 23)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 24)
- Re: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Tim (Mar 24)
- RE: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Michael A Fusaro II (Mar 24)
- Re: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Anders B Jansson (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Casper . Dik (Mar 25)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Coleman Kane (Mar 27)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Eric Allman (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 24)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Theo de Raadt (Mar 24)
- Re: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 24)
- Re: Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Randal T. Rioux (Mar 26)
- Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Gadi Evron (Mar 24)
- trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Gadi Evron (Mar 23)