Subject: no mention of NetBSD in CERT(sm) Advisory CA-96.24 (Sendmail Daemon Mode Vulnerability)
To: None <current-users@NetBSD.ORG>
From: Greg A. Woods <woods@kuma.web.net>
List: current-users
Date: 11/21/1996 16:31:04
There's no mention of NetBSD in this advisory, however the following
appears for FreeBSD:
FreeBSD
=======
All currently shipping releases of FreeBSD are affected, including the just
released 2.1.6. An update for 2.1.6 will be available shortly. This problem
has been corrected in the -current sources. In the mean time, FreeBSD users
should follow the instructions in the CERT advisory. Sendmail will compile
and operate "out of the box" on FreeBSD systems.
Is nobody from NetBSD core contacted by CERT regarding pending
advisories? Is NetBSD not considered an OS vendor by CERT? Will the
first patch release for 1.2 include a fix for this problem?
Is NetBSD ready to finally give up on sendmail because of the constant
stream of security holes it creates? [0.25 ;-)]
BTW, "252 send some mail, i'll try my best" in response to a VRFY on the
mail host for netbsd.org isn't very helpful or courteous. Can it not do
better?
--
Greg A. Woods
+1 416 443-1734 VE3TCP robohack!woods
Planix, Inc. <woods@planix.com>; Secrets Of The Weird <woods@weird.com>