Re: OpenServer 5.0.6 OpenServer 5.0.7 : Multiple Vulnerabilities in Sendmail

[George Capehart <gwc@xxxxxxx>]

On Wednesday 28 July 2004 16:10, please_reply_to_security@xxxxxxx 
allegedly wrote:
> _____________________________________________________________________
>_________
>
>                       SCO Security Advisory
>
> Subject:              OpenServer 5.0.6 OpenServer 5.0.7 : Multiple
> Vulnerabilities in Sendmail Advisory number:  SCOSA-2004.11
> Issue date:           2004 July 28
> Cross reference:      sr876461 fz527630 erg712277 CAN-2003-0161 CA-2003-12
>                       sr884730 fz528323 erg712435 CAN-2003-0694 CA-2003-25
> _____________________________________________________________________
>_________
>
>
> 1. Problem Description
>
>       CERT Advisory CA-2003-12
>
>       There is a vulnerability in sendmail that can be exploited
>       to cause a denial-of-service condition and could allow a
>       remote attacker to execute arbitrary code with the privileges
>       of the sendmail daemon, typically root.

This advisory was issued on March 29, 2003.  That was /*sixteen*/ MONTHS 
ago . . . C'mon, guys!

-- 
George W. Capehart

Key fingerprint:  3145 104D 9579 26DA DBC7  CDD0 9AE1 8C9C DD70 34EA

"With sufficient thrust, pigs fly just fine."  -- RFC 1925