Sendmail Patches Remote Exploit

Security experts have found a flaw in Sendmail’s server software that will
allow an attacker to hijack a user’s personal computer and view sensitive
information.


Sendmail Mail Transfer Agent (MTA) is an SMTP server used on mail gateways
to route and shuttle e-mail. It is offered as an open source Linux product
and in commercial Unix versions: the new flaw affects both.


Internet Security Systems said today the
Sendmail exploit is a signal race vulnerability caused by the mishandling of
asynchronous signals.


By forcing the SMTP server to time out at a specific instant, an attacker can
run malicious code and expose, delete or modify programs and data on
the system, disrupt e-mail delivery, and view confidential documents.
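
The bug class described above, shown from the defensive side as an added example (not Sendmail's code or its patch): a read timeout whose SIGALRM handler only sets a flag, with the timeout acted on in the main loop. The names `read_line_timeout` and `on_alarm` and the return codes are constructed for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/select.h>
#include <unistd.h>
/* The handler only records that the timer fired; writing a volatile
 * sig_atomic_t is safe at any instant. A handler that frees buffers, logs
 * or longjmp()s can interrupt code that is mid-update on the same state. */
static volatile sig_atomic_t timed_out;
static void on_alarm(int sig) { (void)sig; timed_out = 1; }

/* Read one '\n'-terminated line into buf (always NUL-terminated).
 * Returns line length, -1 on error/EOF/overlong line, -2 on timeout. */
int read_line_timeout(int fd, char *buf, size_t cap, unsigned secs)
{
    struct sigaction sa = {0}, old_sa;
    sigset_t block, old_mask, wait_mask;
    size_t n = 0;
    int rc = -1;
    if (cap < 2) return -1;
    /* SIGALRM stays blocked except inside pselect(), so it cannot slip in
     * between the flag check and the wait. */
    sigemptyset(&block);
    sigaddset(&block, SIGALRM);
    sigprocmask(SIG_BLOCK, &block, &old_mask);
    wait_mask = old_mask;
    sigdelset(&wait_mask, SIGALRM);
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGALRM, &sa, &old_sa);
    timed_out = 0;
    alarm(secs);
    while (n < cap - 1 && !timed_out) {
        fd_set rfds;
        FD_ZERO(&rfds);
        FD_SET(fd, &rfds);
        int r = pselect(fd + 1, &rfds, NULL, NULL, NULL, &wait_mask);
        if (r < 0 && errno == EINTR) continue;   /* loop re-checks timed_out */
        if (r < 0 || read(fd, buf + n, 1) != 1) break;   /* error or EOF */
        if (buf[n++] == '\n') { rc = (int)n; break; }
    }
    if (timed_out && rc < 0) rc = -2;   /* timeout acted on in normal context */
    alarm(0);
    sigprocmask(SIG_SETMASK, &old_mask, NULL);  /* late SIGALRM hits on_alarm */
    sigaction(SIGALRM, &old_sa, NULL);
    buf[n] = '\0';
    return rc;
}
```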


Because Sendmail starts a new process for each connected computer, attackers
can exploit it on any machine connected to Sendmail.


Sendmail said it is not aware of any public exploit code for this
vulnerability.


Sendmail.org has since plugged the hole in the latest open source version,
8.13.6, which may be accessed here.


Sendmail.org is also offering patches for 8.13.5 and 8.1211.


Sendmail.com is offering fixes for Unix systems that may be affected
here.


Sendmail has had its share of exploits pop up in the past.


In 2003, the Sendmail Consortium updated
its popular open-source MTA to plug a security problem in header parsing.
That flaw was also discovered by ISS.

Article courtesy of internetnews.com
