Security Firm Caulks Sendmail Exploit

Security experts have found a flaw in Sendmail's server software that will allow an attacker to hijack a user's personal computer and view sensitive information.

Sendmail Mail Transfer Agent (MTA) is an SMTP server used on mail gateways to route and shuttle e-mail. It is offered as an open source Linux product and in commercial Unix versions: the new flaw affects both.

Internet Security Systems said today the Sendmail exploit is a signal race vulnerability caused by the mishandling of asynchronous signals.

By forcing the SMTP server to time out at a specific instant, an attacker can run malicious code and expose, delete, or modify programs and data on the system; disrupt e-mail delivery; and view confidential documents.

Because Sendmail starts a new process for each connected computer, attackers can exploit it on any machine connected to Sendmail.

Sendmail said it is not aware of any public exploit code for this vulnerability.

This article was first published on InternetNews.com.
