Sendmail Mail Transfer Agent (MTA) is an SMTP server used on mail gateways to route and shuttle e-mail. It is offered as an open source Linux product and in commercial Unix versions: the new flaw affects both.
Internet Security Systems said today the Sendmail exploit is a signal race vulnerability caused by the mishandling of asynchronous signals.
By forcing the SMTP server to timeout at a specific instant, an attacker can run malicious code and: exposure, deletion, or modify programs and data on the system; disrupt e-mail delivery; and view confidential documents.https://o1.qnsr.com/log/p.gif?;n=203;c=204660766;s=9477;x=7936;f=201812281312070;u=j;z=TIMESTAMP;a=20392931;e=iBecause Sendmail starts a new process for each connected computer, attackers can exploit it on any machine connected to Sendmail.
Sendmail said it is not aware of any public exploit code for this vulnerability.