
A critical Sendmail vulnerability

by Nikola Strahija on March 22nd, 2006

Errors in the Sendmail program allow remote exploitation and takeover of whole systems.


Mark Dowd of ISS X-Force has recently discovered a nasty bug in the Sendmail application. Its use of the setjmp, longjmp and sm_syslog functions does not handle some asynchronous signals correctly, which a malicious attacker can use to execute various specially crafted commands.

The vulnerability would allow an attacker to take complete control of the system, and the flaw can be exploited either remotely or locally.

The Sendmail company has already issued patches for versions 8.12 and 8.11, but all users are recommended to upgrade to the newest version, 8.13.6.

