Hi,
still also missing an ether-real update, for the CERT-Message from University of Stuttgart:
http://cert.uni-stuttgart.de/ticker/article.php?mid=31
Greetings,
Joerg Henner.
--
LinuxHaus Stuttgart | Tel.: +49 (7 11) 2 85 19 05
J. Henner & A. Reyer, Datentechnik GbR | D2: +49 (1 72) 7 35 31 09 | Fax: +49 (7 11) 5 78 06 92
Linux, Netzwerke, Consulting & Support | http://lihas.de
> Hi,
> still also missing an ether-real update, for the CERT-Message from University of Stuttgart:

http://www.ethereal.com/distribution/ 0.8.15 is out, the ChangeLog is 0 bytes so I have no idea whether it is fixed or not, but the CERT is labeled jan 11, and ethereal 0.8.15 is labeled jan 11th as well.

> Greetings,
> Joerg Henner.

-Kurt
On Tue, 13 Feb 2001, Kurt Seifried wrote:
> 0.8.15 is out, the ChangeLog is 0 bytes so I have no idea whether it is fixed or not, but the CERT is labeled jan 11, and ethereal 0.8.15 is labeled jan 11th as well.

*argh* - so the question is more: is the RPM from the ethereal guys compatible with SuSE, or is it better to wait for a SuSE version of it?
Greetings,
Joerg Henner.
--
LinuxHaus Stuttgart | Tel.: +49 (7 11) 2 85 19 05
J. Henner & A. Reyer, Datentechnik GbR | D2: +49 (1 72) 7 35 31 09 | Fax: +49 (7 11) 5 78 06 92
Linux, Netzwerke, Consulting & Support | http://lihas.de
hello, i have followed the postfix sendmail discussions as much as my understanding of the matter allowed. this is trivial, but i wonder: are there security implications when using sendmail only to send messages, without having a sendmail daemon listening for incoming mail? thanks, liebi
Sendmail runs as root and is a big monolithic piece of software. Postfix isn't.
For example, the recent (well, several months old) bug in Linux kernel capabilities,
exploitable locally through sendmail (and a few other apps potentially, but
exploit code for sendmail was released publicly). There wasn't a bug in
Sendmail per se (if you fixed sendmail the bug could still potentially be
exploited) but you could exploit it through sendmail due to its design (whereas
people like me running postfix had a lot less immediate worry =).
While sendmail has significantly cleaned up in the last 2 years, if there is a
security bug it's usually serious since it's one huge piece of software going as
root, whereas Postfix is made up of several components, only one (small) of
which runs as root. I replace Postfix on general principles now, it's an easy
task and at least one major vendor now ships Postfix as the default MTA
(Mandrake).
Kurt Seifried, seifried@securityportal.com
Securityportal - your focal point for security on the 'net
----- Original Message -----
From: "philipp"
hello, i have followed the postfix sendmail discussions as much as my understanding of the matter allowed. this is trivial, but i wonder: are there security implications when using sendmail only to send messages, without having a sendmail daemon listening for incoming mail? thanks, liebi
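
Added example, not part of the original thread and not code from either MTA project: a small audit that reads `ps -eo user,comm` style output and reports which mail processes run as root, to make the monolithic versus split-process comparison in the reply above concrete. The two process listings are constructed samples, and the list of process names to match is an assumption to adjust per system.

```shell
#!/bin/sh
# Process names treated as "mail processes" (assumption: adjust per system).
# "master" is Postfix's supervisor, but the name is generic, so confirm
# matches by hand on a real host.
MTA_NAMES='sendmail master pickup qmgr smtpd smtp cleanup local'

# Constructed sample: host running a sendmail daemon.
SAMPLE_SENDMAIL='USER     COMMAND
root     init
root     sendmail
wwwrun   httpd'

# Constructed sample: host running Postfix (idle process set).
SAMPLE_POSTFIX='USER     COMMAND
root     init
root     master
postfix  pickup
postfix  qmgr
wwwrun   httpd'

# Read "user command" lines on stdin, print one line per mail process,
# then a summary of how many of them run as root.
mta_privileges() {
    awk -v names="$MTA_NAMES" '
        BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) mta[a[i]] = 1 }
        NR == 1 && $1 == "USER" { next }          # skip the ps header
        ($2 in mta) {
            total++
            if ($1 == "root") { root++; printf "%-5s %s\n", "ROOT", $2 }
            else              {         printf "%-5s %s (%s)\n", "ok", $2, $1 }
        }
        END { printf "%d of %d mail processes run as root\n", root, total }
    '
}

echo "== sendmail sample =="
printf '%s\n' "$SAMPLE_SENDMAIL" | mta_privileges
echo "== postfix sample =="
printf '%s\n' "$SAMPLE_POSTFIX" | mta_privileges
```

On a live system the same function can be fed with `ps -eo user,comm | mta_privileges`. It only sees resident processes, so a sendmail binary that is invoked on demand to send mail does not show up in this listing.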