[1074] in bugtraq
Re: Sendmail 8.6.10: what's different?
daemon@ATHENA.MIT.EDU (Peter Wemm)
Fri Feb 24 10:35:50 1995
Date: Fri, 24 Feb 1995 20:16:42 +0800 (WST)
From: Peter Wemm <peter@haywire.DIALix.COM>
To: "Igor V. Semenyuk" <iga@sovam.com>
Cc: bugtraq@fc.net
In-Reply-To: <199502232359.AA05679@charybda.sovam.com>
On Fri, 24 Feb 1995, Igor V. Semenyuk wrote:
>
> Does anyone know if IDA sendmail is vulnerable? CERT advisory
> doesn't mention it - is it because IDA considered obsoleted or
> because it is clean?
One would be safer to assume it is vulnerable until it's proven safe...
Eric did say "probably all sendmail's, including most vendor's version 5
derived ones" - IDA is a version 5 sendmail derivative too.
If it was fixed in IDA first, the chances are that somebody going through
the RCS logs would have picked this up ages ago..
-Peter
