Security Firm Caulks Sendmail Exploit
Sendmail plugs a hole that will a perpetrator take control of computers.
Sendmail Mail Transfer Agent (MTA) is an SMTP server used on mail gateways to route and shuttle e-mail. It is offered as an open source Linux product and in commercial Unix versions: the new flaw affects both.
Internet Security Systems said today the Sendmail exploit is a signal race vulnerability caused by the mishandling of asynchronous signals.
By forcing the SMTP server to timeout at a specific instant, an attacker can run malicious code and: exposure, deletion, or modify programs and data on the system; disrupt e-mail delivery; and view confidential documents.
Sendmail said it is not aware of any public exploit code for this vulnerability.