[Mimedefang] Issues with porting MIMEDefang to another MTA
Fox, Randy
Randy_Fox at csgsystems.com
Tue Apr 1 11:25:01 EST 2003
> From: Stephane Lentz [mailto:Stephane.Lentz at ansf.alcatel.fr]
> Sent: Tuesday, April 01, 2003 9:47 AM
>
> So, in total we have seven bugs: one non-exploitable, four local root,
> and two remote root
>
My 2 cents worth... Sometime last summer, a programmer discovered that code in glibc allowed a buffer overflow to cause an access problem. That caused CERT issue a warning/alert. Since that time every CERT warning/alert that has come to my attention revolves around a buffer overflow issue. I'm guessing that our programmer friends are currently looking hard a what happens if attempts are made to overflow various buffers. Every time they find a serious one on a widely used application, CERT does their job. I believe we will be seeing these for a while longer in various apps, hopefully, no more in sendmail. I'm thankful that of the ones found in sendmail, it's the programmers finding them and not the hackers. Sendmail remains a very secure/trustworthy application.
Randy
More information about the MIMEDefang
mailing list