ISS discovers Remote Sendmail header processing vulnerability
Mar 3, 2003 — by LinuxDevices Staff — from the LinuxDevices Archive — viewsInternet Security Systems (ISS) X-Force reported today that it has discovered a buffer overflow vulnerability in the Sendmail Mail Transfer Agent (MTA). Sendmail is the most common MTA and has been documented to handle between 50% and 75% of all Internet email traffic, ISS said.
According to the ISS analysis, “attackers may remotely exploit this vulnerability to gain 'root' or superuser control of any vulnerable Sendmail server. Sendmail and all other email servers are typically exposed to the Internet in order to send and receive Internet email. Vulnerable Sendmail servers will not be protected by legacy security devices such as firewalls and/or packet filters. This vulnerability is especially dangerous because the exploit can be delivered within an email
message and the attacker doesn't need any specific knowledge of the target to launch a successful attack.”
All versions of Sendmail from 5.79 to 8.12.7 are vulnerable, ISS said.
Further details as well as information on how to eliminate the vulnerability are available here.
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.