Re: Sendmail hole

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Bill McDonald: "Re: Sendmail hole"
• Previous message: Perry E. Metzger: "so..."
• In reply to: Dave Hayes: "Re: Sendmail hole"

> > Well, it appears that someone has tried to take advantage of the (now) well
> > known sendmail security hole that has been discussed here.  This is a very 
> > good argument for full disclosure on security holes. 
> Wrong! You start broadcasting news about security holes, some unscrupulous
> person(s) will abuse the security hole. It is up to agencies like CERT and
> the manufacturers of the software to produce fixed versions of the software.

No it isn't. Please join the ongoing flamewar on USENET and get off bugtraq.
Bugtraq is pro-disclosure.

Speaking of which, am I correct in assuming that the current sendmail hole
cannot be exploited from the outside of a machine (e.g. by email)? Could
someone please post more details as to how to test for this bug and what
it could be used for?
------
Dave Hayes - Institutional Network & Communications - JPL/NASA - Pasadena CA
dave@elxr.jpl.nasa.gov       dave@jato.jpl.nasa.gov         ...usc!elroy!dxh

Never put off until tomorrow what you can do today.  There might be a
law against it by that time.

• Next message: Bill McDonald: "Re: Sendmail hole"
• Previous message: Perry E. Metzger: "so..."
• In reply to: Dave Hayes: "Re: Sendmail hole"