[3355] in WWW Security List Archive
Sendmail security questions?
daemon@ATHENA.MIT.EDU (Brad Knowles)
Wed Oct 23 22:12:42 1996
From: "Brad Knowles" <BKnowles@aol.net>
Date: Wed, 23 Oct 1996 19:08:56 -0400
Reply-To: KnowlesB@aol.net
To: www-security@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
-----BEGIN PGP SIGNED MESSAGE-----
Folks,

I'm told some recent discussions have mentioned security holes
in sendmail (although it is not self-evident to me which messages
that might have been, based on what I can find in the archives).

If you're interested in this general subject, I try to keep
the comp.mail.sendmail FAQ reasonably up-to-date when it comes to
security issues. Of course, it only gets posted once a month, but
Eric or one of the other folks will usually make an announcement
in comp.mail.sendmail fairly soon after something major like that
has come out.

If you want to read the comp.mail.sendmail FAQ, you should find
it on your news servers under comp.answers or comp.mail.sendmail,
or on the news archive/index sites of DejaNews (www.dejanews.com)
or InReference (www.reference.com). I also keep a copy slung off
my home page at <http://www.his.com/~brad/sendmail/>.

Anyway, the most recent release of version 8.7 sendmail is 8.7.6,
and it back-ports some security fixes that had been implemented in
8.8 (mostly minor buffer overrun problems). The most recent release
of 8.8 is 8.8.2, which was released one day after 8.8.1, which was
supposed to fix a fairly major buffer overrun problem in the MIME
7-to-8-bit translation code (turns out that 8.8.1 just changed the
problem instead of fixing it, thus the reason for 8.8.2).

-----BEGIN PGP SIGNATURE-----
Version: 2.7.1
Comment: Key at <http://www.pgp.net/pgpnet/pks-commands.html>
-----END PGP SIGNATURE-----
--
Brad Knowles MIME/PGP: KnowlesB@aol.net
Senior Internet Mail Systems <http://www.his.com/~brad/>
Administrator for aol.com & gnn.com
PGP key available at <http://www.pgp.net/pgp/pks-commands.html>