[3374] in WWW Security List Archive
sendmail security [Re: www web security !]
daemon@ATHENA.MIT.EDU (Wolfgang Ley)
Fri Oct 25 06:08:09 1996
From: Wolfgang Ley <ley@cert.dfn.de>
To: meskes@informatik.rwth-aachen.de (Michael Meskes)
Date: Fri, 25 Oct 1996 10:16:45 +0200 (MET DST)
Cc: alexf@iss.net, www-security@ns2.rutgers.edu
In-Reply-To: <199610241144.NAA20045@feivel.topsystem.de> from "Michael Meskes" at Oct 24, 96 01:44:34 pm
Errors-To: owner-www-security@ns2.rutgers.edu
-----BEGIN PGP SIGNED MESSAGE-----
Michael Meskes wrote:
>
> Alex Filacchione writes:
> > Re: Sendmail. The latest, 8.8, is vulnerable. The vulnerability was
> > posted to bugtraq and BoS on the 17th. I believe that we are working on
>
> Does that mean sendmail 8.8.1 is more buggy than 8.7.6?
No - it just has different bugs. In particular one buffer overflow problem
(remote exploitable) of sendmail 8.8.0 should have been fixed in 8.8.1
but was really fixed in sendmail 8.8.2.
8.7.6 has other possible security problems - all of them have been fixed in
sendmail 8.8.2.
Bye,
Wolfgang Ley (DFN-CERT)
- --
Wolfgang Ley, DFN-CERT, Vogt-Koelln-Str. 30, 22527 Hamburg, Germany
Email: ley@cert.dfn.de Phone: +49 40 5494-2262 Fax: +49 40 5494-2241
PGP-Key available via finger ley@ftp.cert.dfn.de any key-server or via
WWW from http://www.cert.dfn.de/~ley/ ...have a nice day
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i
iQCVAwUBMnB3agQmfXmOCknRAQETLgP+NkrkmcYNV5FGMp4BQ/vdQM67Ec8ZMdqp
AnYvTpBbNbhKXtbK0K0O7e2mrEceaDTUR6mpD08aSB2X7rKxWuV+WGA3IWynljIn
tEacxNK0D/W3nTB6aQJOKJooEftoPS/yafb0I+COp4bM59eIqjaIL6xWTBOKa2Cy
0D7ZhneGY14=
=QhdA
-----END PGP SIGNATURE-----
