Sendmail flaw opens door to intruders

A serious flaw exists in certain versions of the popular Sendmail open-source and commercial e-mail software, but fixes are available, researchers said Wednesday.

The vulnerability, which was reported by Mark Dowd at Internet Security Systems, could allow a remote attacker to take control of a PC. To do this, the intruder would send arbitrary code at carefully crafted time intervals to the SMTP mail server, according to alerts from security providers ISS and FrSirt.

An attack could interfere with or intercept mail delivery, permit the intruder to tamper with other programs and data on the vulnerable system, and potentially provide access to other systems on the affected machine's network.

The flaw affects all Linux- and Unix-based versions of Sendmail 8 up to version 8.12.6.
