On Wed, 2006-04-12 at 14:38, Mike Stankovic wrote:
--- Les Mikesell lesmikesell@gmail.com wrote:
On Wed, 2006-04-12 at 12:29, Mike Stankovic wrote:
The recent sendmail security update allows a remote root exploit !!
*If* sendmail is running as root and you can time your exploit to hit while it is executing a setjmp() instruction which sounds kind of theoretical to me. But your point about staying current with updates is absolutely correct.
From February 15th 2005 through February 14th 2006 the
list at http://www.redhat.com/magazine/017mar06/features/riskreport/ outlines them in greater detail. (Note there have been other risks since February 15th 2006)
Yes, I've just seen other comments about the sendmail update that implied that it was part of a long/continuing history of security problems, when in fact catching such a theoretical problem shows that current sendmail is probably one of the best-audited programs around. As that link points out, it isn't anywhere close to the top of the list of programs with recent security problems. Anyway, if you are fairly up to date your biggest risk now is probably password guessing in ssh. It - or pam - should really have some kind of built in rate limiting and IP blacklisting.