Subject: no mention of NetBSD in CERT(sm) Advisory CA-96.24 (Sendmail Daemon Mode Vulnerability)
To: None <current-users@NetBSD.ORG>
From: Greg A. Woods <>
List: current-users
Date: 11/21/1996 16:31:04

There's no mention of NetBSD in this advisory, however the following
appears for FreeBSD:

	All currently shipping releases of FreeBSD are affected, including the just
	released 2.1.6. An update for 2.1.6 will be available shortly. This problem
	has been corrected in the -current sources. In the mean time, FreeBSD users
	should follow the instructions in the CERT advisory. Sendmail will compile
	and operate "out of the box" on FreeBSD systems.

Is nobody from NetBSD core contacted by CERT regarding pending
advisories?  Is NetBSD not considered an OS vendor by CERT?  Will the
first patch release for 1.2 include a fix for this problem?

Is NetBSD ready to finally give up on sendmail because of the constant
stream of security holes it creates?  [0.25 ;-)]

BTW, "252 send some mail, i'll try my best" in response to a VRFY on the
mail host for isn't very helpful or courteous.  Can it not do

							Greg A. Woods

+1 416 443-1734			VE3TCP			robohack!woods
Planix, Inc. <>; Secrets Of The Weird <>