internetnews: More Headaches for Sendmail

"The Sendmail Consortium, which manages deployment of the world's most popular message transfer agent (MTA) to handle email, was left scrambling over the weekend to fix a remotely exploitable vulnerability that could allow an attacker to gain control of a unpatched sendmail server.

"The vulnerability, discovered by Michal Zalewski, occurs because address parsing code in sendmail does not adequately check the length of email addresses. An email message with a specially crafted address could trigger a stack overflow. As a result, the vulnerability can be exploited to cause a denial-of-service condition and could allow a remote attacker to execute arbitrary code with the privileges of the sendmail daemon, typically root, according to a CERT advisory issued over the weekend.

"'Most organizations have a variety of mail transfer agents (MTAs) at various locations within their network, with at least one exposed to the Internet. Since sendmail is the most popular MTA, most medium-sized to large organizations are likely to have at least one vulnerable sendmail server. In addition, many UNIX and Linux workstations provide a sendmail implementation that is enabled and running by default,' CERT warned in its advisory..."

Complete Story

Related Stories:

• Slackware Linux Advisories: samba, sendmail(Mar 30, 2003)
• SearchSecurity: Public Exploit Available for Sendmail Flaw(Mar 06, 2003)
• CNET: Sendmail Flaw Tests Homeland Security(Mar 04, 2003)