SecurityFocus

SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 23 2006 09:41AM
Gadi Evron (ge linuxbox org) (5 replies)

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 24 2006 04:27AM
Eric Allman eric+bugtraq (at) neophilic (dot) com [email concealed] (eric+bugtraq neophilic com) (1 replies)

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 24 2006 06:03PM
Gadi Evron (ge linuxbox org)

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 24 2006 03:08AM
Claus Assmann ca+bugtraq (at) zardoc.endmail (dot) org [email concealed] (ca+bugtraq zardoc endmail org) (2 replies)

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 24 2006 05:56PM
Gadi Evron (ge linuxbox org) (1 replies)

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 25 2006 08:47AM
Todd Burroughs (fd parsec net)

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 24 2006 05:39PM
Theo de Raadt (deraadt cvs openbsd org)

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 24 2006 02:52AM
Theo de Raadt (deraadt cvs openbsd org) (2 replies)

> Sendmail is, as we know, the most used daemon for SMTP in the world. This
> is an International Infrastructure vulnerability and should have been
> treated that way. It wasn't. It was handled not only poorly, but
> irresponsibly.

You would probably expect me to the be last person to say that Sendmail
is perfectly within their rights. I have had a lot of problems with
what they are doing.

But what did you pay for Sendmail? Was it a dollar, or was it more? Let
me guess. It was much less than a dollar. I bet you paid nothing.

So does anyone owe you anything, let alone a particular process which
you demand with such length?

Now, the same holds true with OpenSSH. I'll tell you what. If there
is ever a security problem (again :) in OpenSSH we will disclose it
exactly like we want, and in no other way, and quite frankly since
noone has ever paid a cent for it's development they have nothing they
can say about it.

Dear non-paying user -- please remember your place.

Or run something else.

OK?

Luckily within a few months you will be able to tell Sendmail how
to disclose their bugs because their next version is going to come
out with a much more commercial licence. Then you can pay for it,
and then you can complain too.

[ reply ]

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 24 2006 05:53PM
Gadi Evron (ge linuxbox org) (2 replies)

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 25 2006 09:51AM
Casper Dik Sun COM

RE: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 24 2006 11:31PM
Michael A Fusaro II (maf mafii com)

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 24 2006 03:13PM
Martin Schulze (joey infodrom org) (1 replies)

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 24 2006 10:17PM
Theo de Raadt (deraadt cvs openbsd org) (4 replies)

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 25 2006 11:12PM
Florian Weimer (fw deneb enyo de) (1 replies)

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 28 2006 07:36AM
Casper Dik Sun COM

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 25 2006 08:12AM
Pim van Riezen (pi madscience nl)

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 25 2006 03:16AM
Gadi Evron (ge linuxbox org) (1 replies)

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 26 2006 04:12PM
Geo. (geoincidents nls net)

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 25 2006 12:33AM
D.F.Russell (DFRussell spamcop net) (1 replies)

Re: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 25 2006 09:54PM
Kurt Seifried (bt seifried org)

Re: [Full-disclosure] SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 23 2006 08:13PM
Dragos Ruiu (dr kyx net) (1 replies)

Re: [Full-disclosure] SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow) Mar 24 2006 05:44PM
Gadi Evron (ge linuxbox org)

trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Mar 23 2006 09:59AM
Gadi Evron (ge linuxbox org) (1 replies)

Re: [Full-disclosure] trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Mar 24 2006 10:13AM
Valdis Kletnieks vt edu (1 replies)

Re: [Full-disclosure] trusting SMTP [was: SendGate: Sendmail Multiple Vulnerabilities] Mar 24 2006 05:50PM
Gadi Evron (ge linuxbox org)