Slashdot Mirror


Buffer Overflow in Sendmail

ChiefArcher writes "On the footsteps of openssh, Sendmail 8.12.10 has just been released due to a buffer overflow in address parsing. Sendmail states this is potentially remotely exploitable. No updates on the Sendmail site yet, but the FTP site has the release notes."

10 of 478 comments

  1. "Email Different" by Anonymous Coward · Score: 5, Funny


    That's why you should entrust all your email services to Hotmail.

    1. Re:"Email Different" by CausticWindow · Score: 4, Funny

      You've got a point there.

      While not as flexible as mutt on a *nix server, at least Hotmail is basically secure.

      --
      How small a thought it takes to fill a whole life
    2. Re:"Email Different" by buffer-overflowed · Score: 4, Funny

      No, you should entrust all your email to me... I'm a nice guy really. I'm *never* responsible for remotely exploitable holes.

      --
      The key to the enjoyment of pop music is to replace any instance of "love" with "C.H.U.D."
  2. Yay! by Greyfox · Score: 5, Funny

    I'll have to dust off my sendmail sploit-of-the-week card and get them to punch it for me! 12 punches and you get a free MTA!

    --

    I'm trying to teach myself to set people on fire with my mind... Is it hot in here?

  3. This is a really difficult one by heironymouscoward · Score: 4, Funny

    A serious response to the story is too bleak. Ho-hum, upgrade sendmail, patch it, OK.

    Comedy is inappropriate. "Is that sendmail dead? No, it's just sleeping. Oh, I could swear it was dead! No, it's just tired, see? Sendmail gottan exploit, sendmail gottan exploit!"

    Irony is difficult. To be honest, I can't even be sure which ironic form I would employ in this case. Forget irony.

    Sarcasm? "Sendmail, yeah, like we're still using that dinosaur!" What, we are? Dang. Why? "Cause it was there?" What kind of an excuse is that?!

    Nihilism... "yes, another day, another exploit. ssh, now sendmail. I can just see the future, one long bitter trail of unpatched software, server after server to upgrade. brain the size of a planet, and here I am, patching sendmail. what's the use, I ask you...?"

    Slashdotisms? All your sendmail overlords are 1-2-3 profit to us? Imagine? In Russia? No, no, no.

    SCO! SCO! "It's not an exploit, it's a snippet!!!" Worth a try.

    Damn you to the deepest depths of hell, Slsadhot edirots, this story has so little karma leverage it hurts.

    --
    Ceci n'est pas une signature
  4. Re:Patch delivery mechanism by Anonymous Coward · Score: 5, Funny

    > Does Linux have an Auto-update mechanism similar to
    > windows that indicates when new patches are available
    > for download?

    Yup. It's called "slashdot".

  5. Re:I use... by 1010011010 · Score: 4, Funny


    If you can edit a .cf file by hand, you've earned the right to run it. :) And the punishment of running it.

    --
    Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
  6. Re:Sendmail's future by Fizzlewhiff · Score: 4, Funny

    I agree and am migrating to Exchange as I type this. Hopefully it, and Outlook will be more secure for my users.

    --

    'Same speed C but faster'
  7. Re:OpenSSH as well by lone_marauder · Score: 5, Funny

    What?? You don't trust software compiled by flying butt monkeys?

    --
    who are those slashdot people? they swept over like Mongol-Tartars.
  8. Re:Use qmail by Anonymous Coward · Score: 3, Funny

    bernstein managed to suck out the brain of many people?