Not many, but look at severity
Posted Mar 23, 2006 16:50 UTC (Thu) by rfunk
In reply to: A serious sendmail security hole
Parent article: A serious sendmail security hole
I agree that there aren't many vulnerabilities in any MTAs these days.
But it only takes one remote root to ruin your week.
Vulnerabilities fixed in sendmail: 1 critical
Vulnerabilities fixed in postfix: 1 low
It's striking to me that even after sendmail fixed some architecture
problems with 8.12, there have been multiple remote root holes
discovered, while the better-architected postfix and qmail have never had
any remote root holes discovered in that same amount of time -- or ever,
to my knowledge.
Vulnerabilities fixed in exim: 3 moderate
Meanwhile, exim gets by with an architecture similar to sendmail's, but
starts with better code, and the results seem to show the compromise.
to post comments)