SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

Gadi Evron ge at linuxbox.org
Sat Mar 25 02:59:47 UTC 2006


Michael.Dillon at btradianz.com wrote:
>>I wonder how many other unreported silently-patched
>>vulnerabilities are out there?
> 
> 
> You seem to be inferring that it is a bad thing to silently
> patch bugs which may have security implications. The OpenBSD

Full disclosure, we believe in it.

> team makes a habit of auditing software for flaws and fixing
> them without waiting to find out whether they create actual
> security vulnerabilities. They consider this to be a GOOD thing.

It is a good thing.

> I think that people who use software also consider it to
> be good for software flaws to be fixed as quickly as possible.
> Inevitably, this means that if the DEVELOPERS discover a 
> flaw, they will fix it before they tell anyone about it. The
> reason that security researchers publish bulletins about
> security flaws is because they are unable to fix them 
> either due to lack of skill, or more commonly, they just 
> don't have permission to commit changes to the source code.
> 
> Network operators are users of software and not developers,
> therefore most network operators are happy when flaws are
> fixed early and often.

I wonder if the same network operators will be happy about potentially 
millions of compromised sendmail servers globally.
