Sendmail hit by data interception flaw


Antony Savvas

Internet security researchers have discovered a serious flaw in versions of the widely used Sendmail open-source e-mail software.

The flaw could allow remote attackers to take control of users’ PCs. To exploit it, attackers would have to send malicious code to an SMTP mail server at carefully planned time intervals.

Alerts for the flaw have been issued by ISS, the French Security Incident Response Team (FrSIRT), and Symantec.

Such an attack could be used to intercept mail, allow intruders to tamper with other programs and data, and provide access to other systems on the network.

The flaw affects all Linux- and Unix-based versions of Sendmail 8 up to version 8.13.5. The flaw does not affect versions written for Microsoft Windows.

Sendmail products hit by the bug include Sendmail Switch, Sentrion and Advanced Message Server.

The Sendmail Consortium estimates that its software handles 70% of the world’s e-mail messages. The fact that the flaw doesn’t affect Windows versions of the software will help to curtail the threat.

The Sendmail Consortium urged users to upgrade to version 8.13.6 of the software, which contains a fix for the problem.


