Buffer Overflow in Sendmail 478
ChiefArcher writes "In the footsteps of OpenSSH, Sendmail 8.12.10 has just been released due to a buffer overflow in address parsing. Sendmail states this is potentially remotely exploitable. No updates on the Sendmail site yet, but the FTP site has the release notes."
"Email Different" (Score:5, Funny)
That's why you should entrust all your email services to Hotmail.
Re:"Email Different" (Score:5, Funny)
You've got a point there.
While not as flexible as mutt on a *nix server, at least Hotmail is basically secure.
Yay! (Score:5, Funny)
Re:*cough* (Score:1, Funny)
Re:Fix this at the language level? (Score:3, Funny)
This is a really difficult one (Score:5, Funny)
Comedy is inappropriate. "Is that sendmail dead? No, it's just sleeping. Oh, I could swear it was dead! No, it's just tired, see? Sendmail gottan exploit, sendmail gottan exploit!"
Irony is difficult. To be honest, I can't even be sure which ironic form I would employ in this case. Forget irony.
Sarcasm? "Sendmail, yeah, like we're still using that dinosaur!" What, we are? Dang. Why? "Cause it was there?" What kind of an excuse is that?!
Nihilism... "yes, another day, another exploit. ssh, now sendmail. I can just see the future, one long bitter trail of unpatched software, server after server to upgrade. brain the size of a planet, and here I am, patching sendmail. what's the use, I ask you...?"
Slashdotisms? All your sendmail overlords are 1-2-3 profit to us? Imagine? In Russia? No, no, no.
SCO! SCO! "It's not an exploit, it's a snippet!!!" Worth a try.
Damn you to the deepest depths of hell, Slsadhot edirots, this story has so little karma leverage it hurts.
Re:Patch delivery mechanism (Score:5, Funny)
> windows that indicates when new patches are available
> for download?
Yup. It's called "slashdot"
Spam, spam, spam and spam (Score:2, Funny)
Re:I use... (Score:5, Funny)
If you can edit a
Re:"Email Different" (Score:4, Funny)
I didn't realize Microsoft wrote sendmail! (Score:3, Funny)
Re:It's on the site now (Score:2, Funny)
Re:HUH? (Score:2, Funny)
Re:Sendmail's future (Score:5, Funny)
You know... (Score:2, Funny)
Look I know (Score:3, Funny)
Re:OpenSSH as well (Score:5, Funny)
Re:Fix this at the language level? (Score:3, Funny)
I wouldn't be surprised entirely if it turned out that sendmail was the first (and only) non-trivial program that could be expressed in brainfuck [muppetlabs.com]. In fact, I believe that sendmail.cf [busan.edu] had been ported to brainfuck already.
I suspect this story is fraudulent (Score:3, Funny)
Re:Use qmail (Score:3, Funny)
Re:OpenSSH as well (Score:1, Funny)
Yes, I use Microsoft products all the time.
Perpetual newspaper (Score:3, Funny)
The headlines were like "Pope Denounces Violence" and "Real Estate Values Rise" and "Unrest in the Middle East". I think that "Buffer Overflow Found in Sendmail" would have been a worthy addition to the Tech Pages.