SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)

• Previous message (by thread): SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS,
• Next message (by thread): SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > You seem to be inferring that it is a bad thing to silently
> > patch bugs which may have security implications. The OpenBSD
> 
> Full disclosure, we believe in it.

That's why OpenBSD and other projects publish the full source
code. That is full disclosure.

> I wonder if the same network operators will be happy about potentially 
> millions of compromised sendmail servers globally.

The world of the network operator is a world of defending against
other people with malicious or broken software. This sendmail
issue is nothing new. Network operators would love to be able to
influence other people's behavior in a positive way, but history
has shown that this meets with little success and is less effective
than strengthening defenses.

--Michael Dillon

• Previous message (by thread): SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS,
• Next message (by thread): SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]