Message-ID: <8f5ca2210603231040t67178eafyd4d5ec3c81cb3e31@mail.gmail.com>
Date: Thu Mar 23 18:40:40 2006
From: kyphros at gmail.com (Mike Owen)
Subject: SendGate: Sendmail Multiple Vulnerabilities (Race Condition DoS, Memory Jumps, Integer Overflow)
On 3/23/06, Gadi Evron <ge@...uxbox.org> wrote:
> Tech details:
> Sendmail vulnerabilities were released yesterday. No real public
> announcements to speak of to the security community.
>
<snip>
> Public announcement
> -------------------
> FreeBSD were the only ones who released a public announcement of a patch
> and emailed it to bugtraq so far.
>
<snip>
Not sure what you mean by no advisories from the major distros.

The CERT advisory went out at about 1700GMT. At the same time, RedHat
sent out their notices, Mandrake, SUSE and Gentoo were within a few
hours. Debian and Sun had updates within 24 hours.

I'd say that covers the major players, and all of them were sent out
by the time you sent your email. If you mean specifically Bugtraq (tm)
postings, then you're right, they haven't been released by the
moderators of that list yet. Bugtraq is what a moderated FD would look
like, which is why it's not anywhere near as popular or useful as it
was back in the Aleph1 netspace.org days.

While I agree with you that this vulnerability should have more
publicity than it does, I don't think everything is quite as gloomy as
you're making it sound.

Mike