My comments were on the assertion about: 'most commonly
exploited port of entry for malicious "crackers"'

REMOTE exploits are what kill you -- LOCAL require local host
access -- and only sysadmins (and trusted others) get shell
access on mailservers in a well compartmentalized ISP
environment. I respond inline below on the op. cit.

Executive summary -- no REMOTE examples were cited.

On Sat, 17 Nov 2001, Jeff Barriault wrote:
> Right off the sendmail.org homepage, under the heading NewsFlash:
>
> * Sendmail 8.12.1 <http://www.sendmail.org/8.12.1.html> is
> available; it fixes a potential local security problem for several
> operating systems.
LOCAL
> * Sendmail 8.11.6 <http://www.sendmail.org/8.11.html> is available;
> it fixes a security problem with command line processing.
LOCAL
> * Sendmail 8.11.0 <http://www.sendmail.org/8.11.0.html> is
> available; it includes support for STARTTLS and SMTP AUTH encryption.
No bug ...
> * An important * security announcement
> <http://www.sendmail.org/sendmail.8.10.1.LINUX-SECURITY.txt>* has
> been released regarding a Linux kernel bug in versions up to 2.2.15.
LOCAL
-- Russ