Major security flaw found in Sendmail - GoFuckYourself.com

Mr.Fiction · 03-03-2003, 08:08 PM

Mail Server Flaw Could Spawn Slammer II

Patch released for Sendmail hole, found by security team.

Paul Roberts, IDG News Service
Monday, March 03, 2003

A security vulnerability in one of the most common e-mail server software packages could have wide-ranging impact, akin to the Microsoft SQL Server vulnerability that spawned the recent Slammer worm, according to an advisory by Internet Security Systems.

The buffer overflow vulnerability is found in a number of versions of the open-source Sendmail Mail Transfer Agent (MTA), ranging from the most recent release of that software to versions that first appeared in the late 1980s, according to the advisory published Monday. The vulnerability could allow a remote attacker to gain "root" (superuser) access to a Sendmail server, ISS representatives say.

Sendmail is the most popular Unix-based implementation of the Simple Mail Transfer Protocol (SMTP), which is used to transmit e-mail messages. Predating the modern Internet itself, Sendmail is used to process incoming e-mail messages.

http://www.pcworld.com/news/article/0,aid,109639,00.asp

richard · 03-03-2003, 08:16 PM

Buffer overflow exploits are fucking cool.

SpaceAce · 03-03-2003, 10:37 PM

Bump for anyone still in the dark.

SpaceAce

03-03-2003, 08:08 PM	#1
Mr.Fiction Confirmed User Join Date: Feb 2002 Location: Free Speech Land Posts: 9,484	Major security flaw found in Sendmail Mail Server Flaw Could Spawn Slammer II Patch released for Sendmail hole, found by security team. Paul Roberts, IDG News Service Monday, March 03, 2003 A security vulnerability in one of the most common e-mail server software packages could have wide-ranging impact, akin to the Microsoft SQL Server vulnerability that spawned the recent Slammer worm, according to an advisory by Internet Security Systems. The buffer overflow vulnerability is found in a number of versions of the open-source Sendmail Mail Transfer Agent (MTA), ranging from the most recent release of that software to versions that first appeared in the late 1980s, according to the advisory published Monday. The vulnerability could allow a remote attacker to gain "root" (superuser) access to a Sendmail server, ISS representatives say. Sendmail is the most popular Unix-based implementation of the Simple Mail Transfer Protocol (SMTP), which is used to transmit e-mail messages. Predating the modern Internet itself, Sendmail is used to process incoming e-mail messages. http://www.pcworld.com/news/article/0,aid,109639,00.asp

03-03-2003, 08:16 PM	#2
richard Confirmed User Join Date: Feb 2001 Location: UK Posts: 543	Buffer overflow exploits are fucking cool. __________________

03-03-2003, 10:37 PM	#3
SpaceAce Confirmed User Join Date: Jul 2002 Location: Magrathea Posts: 6,493	Bump for anyone still in the dark. SpaceAce