Sendmail bug to flaw: should I file another bug report?

Les Mikesell lesmikesell at gmail.com
Wed Aug 30 16:41:58 UTC 2006


On Wed, 2006-08-30 at 11:24 -0500, Gilbert Sebenste wrote:
> >
> > CVE-2006-4434 ignore (sendmail, fixed 8.13.8) not exploitable
> >
> > The CVE says:
> >
> > Official Statement from Red Hat (8/30/2006)
> > This flaw causes a crash but does not result in a denial of service
> > against Sendmail and is therefore not a security issue.
> 
> Causing a crash remotely is NOT a security issue? Someone explain 
> that to me, please...

I think this means a crash of a child sendmail process handling the
connection that causes the crash.  That shouldn't affect anything else.

-- 
  Les Mikesell
   lesmikesell at gmail.com
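
Added example, not part of the original message and not sendmail source code: a minimal C model of the fork-per-connection behaviour the reply describes, where a parent keeps accepting work after the child handling one connection crashes. The names `run_daemon`, `handle_connection` and `struct tally` are hypothetical, the "connections" are constructed loop indices, and the parent waits for each child in turn only to keep the model short.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

struct tally { int served; int crashed; };

/* Hypothetical per-connection handler, run only in the child.
 * crash_here simulates the input that triggers the bug. */
static void handle_connection(int crash_here)
{
    if (crash_here)
        abort();        /* child terminates with SIGABRT */
    _exit(0);           /* normal completion of this connection */
}

/* Parent loop: one child per connection. A child's death is seen only
 * as a wait status, so the parent records it and keeps going.
 * bad_conn is the constructed index of the crashing connection (-1: none). */
struct tally run_daemon(int nconn, int bad_conn)
{
    struct tally t = {0, 0};
    for (int i = 0; i < nconn; i++) {
        pid_t pid = fork();
        if (pid < 0) { perror("fork"); break; }
        if (pid == 0)
            handle_connection(i == bad_conn);   /* never returns */
        int status;
        if (waitpid(pid, &status, 0) < 0) { perror("waitpid"); break; }
        if (WIFSIGNALED(status)) {
            /* What an operator would want logged: which child, which signal. */
            fprintf(stderr, "conn %d: child %ld killed by signal %d\n",
                    i, (long)pid, WTERMSIG(status));
            t.crashed++;
        } else if (WIFEXITED(status) && WEXITSTATUS(status) == 0) {
            t.served++;
        }
    }
    return t;
}

int main(void)
{
    struct tally t = run_daemon(5, 2);  /* constructed: connection 2 crashes */
    printf("served=%d crashed=%d\n", t.served, t.crashed);
    return 0;
}
```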





More information about the fedora-list mailing list