nanog mailing list archives
Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
From: Gadi Evron <ge () linuxbox org>
Date: Sat, 25 Mar 2006 04:59:47 +0200
Michael.Dillon () btradianz com wrote:
>> I wonder how many other unreported silently-patched vulnerabilities are out there?
>
> You seem to be inferring that it is a bad thing to silently patch bugs which may have security implications.

Full disclosure, we believe in it.

> The OpenBSD team makes a habit of auditing software for flaws and fixing them without waiting to find out whether they create actual security vulnerabilities. They consider this to be a GOOD thing.

It is a good thing.

> I think that people who use software also consider it to be good for software flaws to be fixed as quickly as possible. Inevitably, this means that if the DEVELOPERS discover a flaw, they will fix it before they tell anyone about it. The reason that security researchers publish bulletins about security flaws is because they are unable to fix them either due to lack of skill, or more commonly, they just don't have permission to commit changes to the source code. Network operators are users of software and not developers, therefore most network operators are happy when flaws are fixed early and often.

I wonder if the same network operators will be happy about potentially millions of compromised sendmail servers globally.