Linux Today: Linux News On Internet Time.

SecurityFocus.com: Return to sender? (Is it time to switch to a Sendmail alternative?)

Sep 09, 2001, 23:48
(Other stories by Jon Lasser)
"The recent Sendmail local root exploit must have supporters of alternative SMTP servers chuckling. I won't be surprised if this exploit is cited by many as another reason to switch from Sendmail to Postfix or qmail. I don't buy those arguments, but there are reasons for some sites to consider an alternative.

The new hole is straightforward enough: improper parameters can be passed by local users to the debug command, which can result in elevated privileges. This is the first serious security flaw in Sendmail since 1997, according to reports, and as a local root exploit it is to my mind a member of the third most serious class of exploits. I consider both remote root and remote user exploits to be more serious, because they subvert authentication, while local root exploits only defeat limits on authorization.

The problem is somewhat reminiscent of the Sendmail exploit used by the Morris worm, in that it exploits Sendmail's debug mode. (Incidentally, my last column incorrectly identified that worm as the first: I had intended to say only that it was the first Internet worm. Researchers at Xerox PARC had experimented with worms long before Robert T. Morris wrote his.)"
