Tag: Sendmail
-
That Vulnerability is “Theoretical”!
[This was originally published on the OSVDB blog.] A few days ago, while writing a draft of a different blog, I made reference to and said “we’re well aware of the pitfalls around calling a vulnerability ‘theoretical’”! I wanted to link off to what I was referencing, a case where security researchers found a vulnerability…
-
Rare case where being unprofessional is justified?
[This was originally published on the OSVDB blog.] I think I may have found it. Claus Assmann (no no, too easy) of sendmail.org recently said some words to the CVE team regarding a recent Sendmail DoS. Look at the words and think about it: BTW: it would be nice if your process of creating a…
-
10 Infamous Moments In Security Research
[This was originally published on the OSVDB blog.] 10 Infamous Moments In Security Research, InformationWeek – Apr 17, 2006
1. SQL Slammer
2. Windows Plug and Play
3. Cisco IOS heap overflow
4. Windows Metafile
5. Oracle transparent data encryption
6. Oracle PLSQL gateway
7. Apple Mac iChat
8. Internet Explorer createTextRange()
9. Internet Explorer HTA files
10. Sendmail SMTP server software
While many of…
-
Vulnerability History
[This was originally published on the OSVDB blog.] Steven Christey (CVE) recently posted about vulnerability history and complexity. The recent sendmail vulnerability has brought up discussion about both topics and adds another interesting piece of history to the venerable sendmail package. One point to walk away with is that while sendmail has a long history…
-
The Oldest Vulnerability Contest
[This was originally published on the OSVDB blog.] What is the oldest documented vulnerability? As far as OSVDB is aware, it’s a tie between UNIX-V6 su File Descriptor Exhaustion Local Privilege Escalation and Sendmail Unspecified Multiple Security Issues (yes, we’d love to know the details of the Sendmail issues back then!). These were documented on…