A serious sendmail security hole

Posted Mar 23, 2006 8:58 UTC (Thu) by mjcox@redhat.com (subscriber, #31775)
Parent article: A serious sendmail security hole

FWIW, for all Red Hat Enterprise Linux (so from 20020517 to date) this is the first sendmail vulnerability needing to be fixed....

Vulnerabilities fixed in sendmail: 1 critical
Vulnerabilities fixed in postfix: 1 low
Vulnerabilities fixed in exim: 3 moderate

The data isn't for comparison (only version 4 shipped exim, so it has a shorter date range), but recently there are not as many vulnerabilities in MTAs as people think.


Not many, but look at severity

Posted Mar 23, 2006 16:50 UTC (Thu) by rfunk (subscriber, #4054)

I agree that there aren't many vulnerabilities in any MTAs these days. But it only takes one remote root to ruin your week.

Vulnerabilities fixed in sendmail: 1 critical
Vulnerabilities fixed in postfix: 1 low

It's striking to me that even after sendmail fixed some architecture problems with 8.12, there have been multiple remote root holes discovered, while the better-architected postfix and qmail have never had any remote root holes discovered in that same amount of time -- or ever, to my knowledge.

Vulnerabilities fixed in exim: 3 moderate

Meanwhile, exim gets by with an architecture similar to sendmail's, but starts with better code, and the results seem to show the compromise.
