Bug Found in Sendmail Server Software
23 Mar 01:25

Internet Security Systems, Inc. (ISS) has discovered a serious vulnerability in Sendmail SMTP server software. Sendmail is the most popular mail transfer agent (MTA) on the Internet and is used extensively by large corporations and government agencies to route and deliver email.

To exploit this vulnerability, an attacker simply needs to be able to connect to the Sendmail SMTP server over a network. Exploitation of this vulnerability could allow remote attackers to take complete control of affected machines and obtain full access to users' emails, confidential information and other sensitive data on the network.

"Due to its high popularity and extensive deployment throughout the Internet, this vulnerability represents a serious risk to organisations that rely upon Sendmail for email services," said Gunter Ollmann, Director of ISS X-Force. "Since SMTP is one of the few listening services allowed consistently through perimeter firewalls, we expect that many attackers will focus their efforts on developing techniques to exploit the vulnerability in order to gain entry into corporate and government networks."

Sendmail is primarily used in UNIX server environments, although various Windows versions also exist. It is the default MTA for many operating systems. By carefully timing the transmission of malicious data targeting this vulnerability, it is possible for a remote attacker to gain control of the affected system without requiring any user interaction.

Related links:
xforce.iss.net/xforce/alerts/id/216
