Re: SpamAssassin DOS-Fix anytime soon ?

To: debian-security@lists.debian.org
Subject: Re: SpamAssassin DOS-Fix anytime soon ?
From: Felix Willmann <felix@mutantbrains.com>
Date: Fri, 24 Jun 2005 17:01:47 +0200
Message-id: <[🔎] 42BC205B.7060509@mutantbrains.com>
In-reply-to: <[🔎] Pine.LNX.4.62.0506241553140.12883@orion>
References: <[🔎] 42BAA028.6060105@kapsobor.de> <[🔎] Pine.LNX.4.62.0506231543250.3695@orion> <[🔎] 20050624104743.GB22878@nekral.homelinux.net> <[🔎] Pine.LNX.4.62.0506241553140.12883@orion>

Marek Olejniczak wrote:


Just to be sure. You meant the sudo package?


Yes, sudo package is broken:

at least the sudo vulnerability can easily be fixed with a workaround('correct' order of /etc/sudoers), is a local exploitability and thenonly for users who already were sudoers. so it is not really thatcritical. the spamassassin on the other hand seems way more severe sinceit sounds as if one email would suffice to shutdown spamassassin andsubsequently possibly even the whole MTA.


,iso

--

Reply to:

References:
- SpamAssassin DOS-Fix anytime soon ?
  - From: iso@kapsobor.de
- Re: SpamAssassin DOS-Fix anytime soon ?
  - From: Marek Olejniczak <marek@olmar.poznan.pl>
- Re: SpamAssassin DOS-Fix anytime soon ?
  - From: Nicolas François <nicolas.francois@centraliens.net>
- Re: SpamAssassin DOS-Fix anytime soon ?
  - From: Marek Olejniczak <marek@olmar.poznan.pl>

Prev by Date: Re: SpamAssassin DOS-Fix anytime soon ?
Next by Date: Re: Empty /root/.bash_history
Previous by thread: Re: SpamAssassin DOS-Fix anytime soon ?
Next by thread: Re: SpamAssassin DOS-Fix anytime soon ?
Index(es):
- Date
- Thread