Slashdot Mirror


Security-Fix Sendmail 8.12.9 Released

bahamutirc writes "Yet another security problem was discovered by Michal Zalewski in Sendmail 8.12.8, 'a buffer overflow in address parsing due to a char to int conversion problem which is potentially remotely exploitable.' Apparently somebody jumped the gun and posted before Sendmail had a chance to notify anyone, so they had to release it today. Go grab your source." Here's the CERT advisory.

7 of 166 comments

  1. Too late sendmail monkeys! by Dogun · · Score: 5, Funny

    I switched to postfix last time! MWAHAHAHAHA!

  2. Sendmail advertisement by statusbar · · Score: 4, Funny

    "Providing hackers with security holes for DECADES" --jeff++

    --
    ipv6 is my vpn
  3. Sendmail holes are GOOD by Adam9 · · Score: 4, Funny

    See, they give you much needed practice of patching services at a proper pace! Patching it every 2 weeks or so is great practice for every administrator. Every good admin should have at least 1 box with sendmail on it. See, a few years ago I put on qmail. Now my patch skills are severely lacking. When this advisory for sendmail came out today, I said "that's enough, I'm falling behind. I'm going back to sendmail." I think I'll be much happier now.

  4. Dear IT Workers by I Am The Owl · · Score: 4, Funny
    Please stop using Sendmail. I'm tired of my favorite IRC networks being DDOSed by machines whose administrators were too incompetent to use a real MTA.

    Thank you,
    --The rest of the fucking Internet

    --

    --sdem
  5. Re:Sendmail.... by kuroth · · Score: 4, Funny

    > What does [sendmail] do that [qmail] doesn't?

    It gives you something to do on Saturdays. See, the sendmail team knows how tedious it is to do things like spend time with your wife and kids, play fetch with the dog, wax the car, and mow the lawn. Therefore, every two to four weeks, they release a fantastic new remote exploit, so you can spend your Saturday patching stuff or running your package management program of choice.

    This stands in stark contrast to qmail. If you were running qmail, you'd have no choice but to spend all that annoying "quality" time with your friends and family. Secure and reliable? Honestly, I don't know what DJB was thinking.

  6. What's the difference by donscarletti · · Score: 3, Funny
    What's the difference between sendmail and telnet?

    You need a password to get root access through telnet!

    *ducks barrage of rotten fruit*

    But seriously, and without the bad humor, it makes me wonder why everyone always sees X as the bloated, nonsensical, anachronistic piece of junk that is holding LINUX/BSD back. Hell, at least I can understand an XF86Conf-4 file (although the old style XF86Conf file is still rather infuriating).

    --
    When Argumentum ad Hominem falls short, try Argumentum ad Matrem
  7. sendmail security by Billly Gates · · Score: 2, Funny

    55 flaws in the code, 55 flaws in the code....

    Take one down debug it around 58 flaws in the code...