Language Selection

English French German Italian Portuguese Spanish

Sendmail flaw opens door to intruders

Filed under
Security

A serious flaw exists in certain versions of the popular Sendmail open-source and commercial e-mail software, but fixes are available, researchers said Wednesday.

The vulnerability, which was reported by Mark Dowd at Internet Security Systems, could allow a remote attacker to take control of a PC. To do this, the intruder would send arbitrary code at carefully crafted time intervals to the SMTP mail server, according to alerts from security providers ISS and FrSirt.

An attack could interfere with or intercept mail delivery, permit the intruder to tamper with other programs and data on the vulnerable system, and potentially provide access to other systems on the affected machine's network.

The flaw relates to all Linux- and Unix-based versions of Sendmail 8 up to version 8.12.6.

Full Story.

More in Tux Machines

Ubuntu Data Collection Report is Out! Read the Interesting Facts

Ubuntu started collecting some basic, not-personally-identifiable system data starting with Ubuntu 18.04. Two months after Ubuntu 18.04 release, Canonical has shared some interesting stats. Read more

Android Leftovers

Updated Debian 8: 8.11 released

The Debian project is pleased to announce the eleventh (and final) update of its oldstable distribution Debian 8 (codename "jessie"). This point release mainly adds corrections for security issues, along with a few adjustments for serious problems. Security advisories have already been published separately and are referenced where available. After this point release, Debian's Security and Release Teams will no longer be producing updates for Debian 8. Users wishing to continue to receive security support should upgrade to Debian 9, or see https://wiki.debian.org/LTS for details about the subset of architectures and packages covered by the Long Term Support project. The packages for some architectures for DSA 3746, DSA 3944, DSA 3968, DSA 4010, DSA 4014, DSA 4061, DSA 4075, DSA 4102, DSA 4155, DSA 4209 and DSA 4218 are not included in this point release for technical reasons. All other security updates released during the lifetime of "jessie" that have not previously been part of a point release are included in this update. Read more Also: Debian 8.11 Released As The End Of The Line For Jessie

Today in Techrights