Comments on: Sendmail flaw opens door to intruders

Unless people make recommended fixes, remote attackers could gain control to their systems.

[jasred]

Fascinating!

Does this mean that Windows is more secure than Linux? How can this be true? All the 'nix gurus have been shouting to the roof tops for years that Windows is inherently more insecure than Linux and of course they are the experts!

The same application on two different OSs - one can be breached the other can't - can someone explain technically how this is possible :-)? (I suspect I know but I'd love to hear from the anti-MS mobbility).

[mwa423]

As usual, you don't understand the difference between an OS and a program

Windows and Linux are operating systems. Name the last serious hole in the linux kernel. Windows is an operating system, name the last serious hole....3 come to mind in the past year, the rpc hole, the lsass hole, and the wmf hole.

This is a program running on windows and linux that has a hole. It is not windows, it is not linux. Linux is, was, and will continue to be more secure then windows. I'm not exactally impressed with Microsoft's promises to have strong security in vista, wasn't XP supposed to be the end of all computer viruses?

Though...I should note, my computer is Windows XP SP2 (though, behind a router/hardware firewall, software firewall, and has 2 anti virus programs/anti spyware running at all times).

[Johnny Mnemonic]

Not to be to pendantic...

But, this is a "potential security vulnerability"
rather than an actual exploit. There is a
difference. Considering this fact and the fact that
server processes on Linux have context isolation,
this is not a Linux vulnerability, rather an
application vulnerability. Much like an Oracle
vulnerability would not be considered a Windows
vulnerability even though it is more likely to
be exploitable on Windows because of its architecture. I personally have migrated most of
my clients to "postfix" since it is better engineered.
Sendmail has always had a bad reputation. It is
generally considered a bit of a hack even after
it has been completely re-written in the last few
years.

[shantanu77]

Hand that runs 70% of world emails

This is a critical issue, Extremely critical issue. The problem is 70% of world emails are sent through sendmail.
The enormous number of servers shall give extremely good reason for a cracker to create such codes.

I think if internet community do not take it seriously this flaw can be bigger trouble than Melisa, nimda or code-red.

~Shantanu
http://godisnear.blogspot.com

[Johnny Mnemonic]

Easy there chief

Unless you are running a very old Linux or even
Unix distribution it will not effect your email.
The rest, well it is inevitable that these systems
would be hit, thin the herd.

[thedreaming]

fixes already available

If fixes are already available for this problem, why is this even news? Just make the necessary changes and move on.

[aabcdefghij987654321]

Fixes have to be installed to be useful

That's why it's news. People who use Sendmail need to know there are fixes they'd better have and soon which makes a very good reason for this article.

[Johnny Mnemonic]

Curious

Why is this considered a Linux vulnerability? It
is a sendmail vulnerability much like an MS Exchange
vulnerability is not a Windows vulnerability.
Although, I admit, there is likely a Windows
vulnerability that the former would be taking
advantage of. But, the Windows world does not
translate to Linux or Unix.