very nasty new sendmail vulnerability

Remote Sendmail Header Processing Vulnerability.

Attackers may remotely exploit this vulnerability to gain ‘root’ or superuser control of any vulnerable Sendmail server. Sendmail and all other email servers are typically exposed to the Internet in order to send and receive Internet email. Vulnerable Sendmail servers will not be protected by legacy security devices such as firewalls and/or packet filters. This vulnerability is especially dangerous because the exploit can be delivered within an email message and the attacker doesn’t need any specific knowledge of the target to launch a successful attack.

Sendmail versions from 5.79 to 8.12.7 are vulnerable.

Protection mechanisms such as implementation of a non-executable stack do not offer any protection from exploitation of this vulnerability. Successful exploitation of this vulnerability does not generate any log entries.


This entry was posted in Uncategorized and tagged , , , , , , , , , . Bookmark the permalink. Both comments and trackbacks are currently closed.