[ Technology Blogs Articles News Reviews ]

 
Google
www Technoclicks.com
Post Tech Blog Article News Reviews

Top Articles

Sendmail Vulnerability Threatens E-Mail Servers

Posted by iMark - 2006-03-25

A significant vulnerability has been discovered in the Sendmail open-source e-mail application that could allow attackers to take over control of any devices running the affected software.
 
The flaw, first reported by security researchers at Atlanta-based Internet Security Systems, is present in Sendmail's e-mail server software and could be exploited by someone sending malicious data to a computer running the software at specific time intervals, ISS said.

If exploited in such a manner by an outsider, the flaw could allow the attacker to corrupt the application's memory and gain control of the device.

Sendmail Consortium, which oversees development of non-commercial versions of the e-mail software, released an updated version of the application that includes a security patch meant to fix the flaw.

The group cautioned all users of the Sendmail 8 version of the product to move to the new iteration, Version 8.13.6.

Users of Version 8.12.11 can apply the patch separately, but Sendmail Consortium said the fix would not work with earlier versions and indicated that the update could cause those versions to malfunction.

The affected e-mail server software is a descendant of the original ARPAnet delivermail application and remains one of the most popular forms of MTA (mail transfer agent) used in the world. Sendmail Consortium contends that its Web server platform currently handles roughly 70 percent of the world's e-mail traffic.

Sendmail Inc., which markets commercial versions of the software, said the flaw affected its Sendmail Switch, Managed MTA, Multi-Switch v 3.1.7 and earlier versions, and its Sentrion 1.1 appliance. The glitch also affects its Advanced Message Server, Message Store v 2.2 and Intelligent Quarantine 3.0 applications.

Researchers said that once an attacker gains control of a machine harboring the vulnerability, it is possible that the attacker could then infiltrate a corporate network the exploited computer is connected to. ISS noted that the attacker would not need to trick the computer's user in any way to take advantage of the flaw.



Related Category :

Software ||

Next ....: Oracle Launches Business Intelligence Tools

:: Previous Articles
:: Yahoo launches instant message phone in US
:: Novell Details Enterprise Road Map
:: CA Introduces New Systems-Management Platform

Recent Articles

 


 

Home | | Members | Search | Upadtes | RSS | Tags | Site Map | Tags | Conact

© Technoclicks.com - All rights reserved.