http://securityfocus.com/frames/?content=/templates/column.html%3Fid%3D22

The recent Sendmail local root exploit must have supporters of alternative SMTP servers chuckling. I won't be surprised if this exploit is cited by many as another reason to switch from Sendmail to Postfix or qmail. I don't buy those arguments, but there are reasons for some sites to consider an alternative.

The new hole is straightforward enough: improper parameters can be passed by local users to the debug command, which can result in elevated privileges. This is the first serious security flaw in Sendmail since 1997, according to reports, and as a local root exploit it is to my mind a member of the third most serious class of exploits. I consider both remote root and remote user exploits to be more serious, because they subvert authentication, while local root exploits only defeat limits on authorization.

--
Florin Andrei

"Our kernel does have source control: its name is Linus Torvalds, CVS with a brain." - Nicholas Knight
