|
|||||||||||||||||||||||||
|
|||||||||||||||||||||||||
|
Security Update for Sendmail Available
CGIDir The Sendmail project has released a patch for recently discovered security hole in their product. Systems that contain the sendmail Mail Transfer Agent are susceptible, under certain condition, to a dedicated attack that can allow execution of malicious code. So far, Sendmail said, no publicly available exploits for this vulnerability are reported. Within certain operating system architectures, a remote attacker may be able to force certain timing conditions that would allow execution of arbitrary code or commands on a vulnerable system. Systems running an MTA are typically deployed in the DMZ as a gateway for delivering inbound and outbound email, though they may also be used for internal email delivery between systems or applications. In the case of a compromised system, an attack could lead to exposure, deletion, or modification of programs and data on the affected system, interference with or interception of email delivery, and potentially unauthorized access to other systems in the network. Systems running any of the following software are considered vulnerable: Open Source
Sendmail Commercial Products
3rd Party Products Containing the MTA Sendmail working with CERT/CC has notified affected vendors and provided them with source code patches to sendmail MTA 8.12 and 8.13 for use in their affected products. CERT/CC will publish specific vendor information on the availability of customer patches. More information is available at the Sendmail website (www.sendmail.com).
|
Copyright © 1998 - 2018 DevStart, Inc. All Rights Reserved |