Slashdot Mirror


Sendmail Hit by Data Interception Flaw

ricepudd writes "Computer Weekly reports that Internet security researchers have discovered a serious flaw in Sendmail. The flaw could allow remote attackers to take control of users' PCs. The Sendmail Consortium urged users to upgrade to version 8.13.6 of the software, which contains a fix to the problem. Computer Weekly seems to think that the fact that the Windows version isn't affected will help curtail the threat."

2 of 208 comments

  1. Re:Sendmail - now in its third decade of exploits by Radak · Score: 5, Insightful

    Results 1 - 10 of about 18,000,000 for linux exploit.

    We've been struggling with Linux exploits since its birth, too. Shall we "drop the turkey" every time a new Linux exploit pops up, too, or should we acknowledge that it's a complicated piece of software whose security generally improves as it matures? I thought so.

    Oh, and just for good measure...

    Results 1 - 10 of about 203,000 for qmail exploit.
    Results 1 - 10 of about 283,000 for postfix exploit.

    I note that those queries generate about 1/3 and about 1/2 as many results, respectively, for products that have existed for about 1/10 as long as sendmail. By your ridiculously flawed "Google logic", qmail and postfix are far more dangerous "turkeys" than sendmail.

  2. Re:The inevitable 'use postfix!' post.... by ajs · Score: 5, Insightful

    There was a time when sendmail exploits were all the rage, but at the time, sendmail was one of a very, very small number of programs that had reached its level of maturity, breadth of features AND was network accessible, and was the only one in widespread use under Unix-like systems. Because of some high-profile bugs, many companies including Sun and later Red Hat did heavy security audits of the code, revealing and fixing more problems.

    These are all good things, and it seems to me to be a bit two-faced to say that the power of open source is that there are many eyes on the source, and then to punish the software with the most eyes on it. Sendmail has been the heart of mail on the Internet for decades, and deservedly will continue to do so for the foreseeable future.

    These bugs demonstrate the old saying: where there is code, there are bugs. I'll stick with software that has already had the vast majority of its security problems shaken out.