"The Sendmail Consortium, which manages deployment of the
world's most popular message transfer agent (MTA) to handle email,
was left scrambling over the weekend to fix a remotely exploitable
vulnerability that could allow an attacker to gain control of a
unpatched sendmail server.
"The vulnerability, discovered by Michal Zalewski, occurs
because address parsing code in sendmail does not adequately check
the length of email addresses. An email message with a specially
crafted address could trigger a stack overflow. As a result, the
vulnerability can be exploited to cause a denial-of-service
condition and could allow a remote attacker to execute arbitrary
code with the privileges of the sendmail daemon, typically root,
according to a CERT advisory issued over the weekend.
"'Most organizations have a variety of mail transfer agents
(MTAs) at various locations within their network, with at least one
exposed to the Internet. Since sendmail is the most popular MTA,
most medium-sized to large organizations are likely to have at
least one vulnerable sendmail server. In addition, many UNIX and
Linux workstations provide a sendmail implementation that is
enabled and running by default,' CERT warned in its
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.