Leland K. Neely says:
> Flame on:
> Please refrain from disclosing bug particulars on an email list.
> All we need is to have hackers get the inside poop on a hole faster
> than we can patch it.
> Flame off.
> I know you are trying to understand the vulnerability, but please consider
> the (potential) audience when asking such questions.
The hackers are already furiously working on this. Meanwhile, I have a
multi-billion dollar company thats potentially vulnerable and I don't
have enough real information to be able to decide on a reasonable
response. I'm not running a standard sendmail, no one will tell me
what the bug is so I can check if I'm vulnerable, I can't go out and
use the patched Sun sendmail because I don't run it, etc.
In other words, all this has succeeded in doing is making me paranoid
and I have no idea what to do.
You, Mr. Neely, might be perfectly happy not knowing what the
vulnerability is, but I *NEED* to know.