Second Major Vulnerability Discovered In Sendmail This Month

 


CERT warned of a security vulnerability in sendmail that could allow attackers to take over the application and launch a denial-of-service attack.

The vulnerability stems from address parsing code that does not adequately check the length of e-mail addresses. An e-mail message with a specially crafted address could trigger a stack overflow, CERT said in a security advisory issued Saturday.

Most medium-sized to large organizations are likely to have at least one vulnerable sendmail server, CERT said. Also, many Unix and Linux workstations provide a sendmail implementation that is enabled and running by default.

Sendmail servers on the interior of a network are at risk, because Internet-facing mail servers that are not themselves vulnerable to the attack can pass messages on to vulnerable servers on the interior of the network, CERT said. Messages capable of exploiting the vulnerability can pass undetected through many common packet filters or firewalls.

CERT recommends users apply a patch from Sendmail Inc.

Full Article:
Internet Week