An Internet hacker has implanted some copies of the source code for
the Sendmail package with a Trojan horse, allowing intruders to
access computers on which the popular mail-server was compiled and
open computer networks to attack.
The Trojan horse versions of the Sendmail package contain malicious
code that creates a back door when the program is compiled from its
source code, a Computer Emergency Response Team Coordination Center
(CERT/CC) statement said.
Modified versions of the files sendmail.8.12.6.tar.z and
sendmail.8.12.6.tar.gz began to appear in downloads from the file
transfer protocol (FTP) server ftp.sendmail.org on or around 28
September, according to CERT/CC.
The Sendmail development team disabled FTP access to the server on
6 October.
Although CERT/CC said it does not appear that copies downloaded via
HTTP contained the Trojan horse, it encourages users who may have
downloaded the source code via this protocol to verify software
authenticity.
CERT/CC has urged users to verify the cryptographic signatures of
the packages. The Sendmail development team confirmed that Trojan
horse copies failed signature checks.
More details of the Trojan horse are available at
www.cert.org/advisories/CA-2002-28.html