Re: Sendmail bug to flaw: should I file another bug report?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Subject: Re: Sendmail bug to flaw: should I file another bug report?
From: Les Mikesell <lesmikesell@xxxxxxxxx>
Date: Wed, 30 Aug 2006 11:41:58 -0500
In-reply-to: <Pine.LNX.4.64.0608301122030.16218@xxxxxxxxxxxxxxxxxxxxxx>
References: <Pine.LNX.4.64.0608301046430.7827@xxxxxxxxxxxxxxxxxxxxxx> <ufaac5m9q77.fsf@xxxxxxxxxxxxxxxxxxxxx> <Pine.LNX.4.64.0608301122030.16218@xxxxxxxxxxxxxxxxxxxxxx>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

On Wed, 2006-08-30 at 11:24 -0500, Gilbert Sebenste wrote:
> >
> > CVE-2006-4434 ignore (sendmail, fixed 8.13.8) not exploitable
> >
> > The CVE says:
> >
> > Official Statement from Red Hat (8/30/2006)
> > This flaw causes a crash but does not result in a denial of service
> > against Sendmail and is therefore not a security issue.
> 
> Causing a crash from remotely is NOT a security issue? Someone explain 
> that to me, please...

I think this means a crash of a child sendmail process handling the
connection that causes the crash.  That shouldn't affect anything else.

-- 
  Les Mikesell
   lesmikesell@xxxxxxxxx

References:
- Sendmail bug to flaw: should I file another bug report?
  - From: Gilbert Sebenste
- Re: Sendmail bug to flaw: should I file another bug report?
  - From: Jason L Tibbitts III
- Re: Sendmail bug to flaw: should I file another bug report?
  - From: Gilbert Sebenste

Prev by Date: Re: Fedora Outage Notice for August 30th, 2006
Next by Date: Re: Fwd: How to prevent uploads of broken packages
Previous by thread: Re: Sendmail bug to flaw: should I file another bug report?
Next by thread: removing ssh access in an emergency
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]