Mail Server Flaw Could Spawn Slammer II
Patch released for Sendmail hole, found by security team.
Paul Roberts, IDG News Service
Monday, March 03, 2003
A security vulnerability in one of the most common e-mail server software packages could have wide-ranging impact, akin to the Microsoft SQL Server vulnerability that spawned the recent Slammer worm, according to an advisory by Internet Security Systems.
The buffer overflow vulnerability is found in a number of versions of the open-source Sendmail Mail Transfer Agent (MTA), ranging from the most recent release of that software to versions that first appeared in the late 1980s, according to the advisory published Monday. The vulnerability could allow a remote attacker to gain "root" (superuser) access to a Sendmail server, ISS representatives say.
Sendmail is the most popular Unix-based implementation of the Simple Mail Transfer Protocol (SMTP), which is used to transmit e-mail messages. Predating the modern Internet itself, Sendmail is used to process incoming e-mail messages.
http://www.pcworld.com/news/article/0,aid,109639,00.asp