Not many, but look at severity

Posted Mar 23, 2006 16:50 UTC (Thu) by rfunk (subscriber, #4054)
In reply to: A serious sendmail security hole by mjcox@redhat.com
Parent article: A serious sendmail security hole

I agree that there aren't many vulnerabilities in any MTAs these days. But it only takes one remote root to ruin your week.

Vulnerabilities fixed in sendmail: 1 critical Vulnerabilities fixed in postfix: 1 low

It's striking to me that even after sendmail fixed some architecture problems with 8.12, there have been multiple remote root holes discovered, while the better-architected postfix and qmail have never had any remote root holes discovered in that same amount of time -- or ever, to my knowledge.

Vulnerabilities fixed in exim: 3 moderate

Meanwhile, exim gets by with an architecture similar to sendmail's, but starts with better code, and the results seem to show the compromise.