Internet Security Systems Warns Of Serious Sendmail E-Mail Vulnerability

Security vendor says all versions of the widely used application from 5.2 on are vulnerable to a buffer-overflow attack.

information Staff, Contributor

March 3, 2003


Security researchers from Internet Security Systems' X-Force group are warning of a critical vulnerability within Sendmail. According to ISS, all versions of the widely used E-mail application from 5.2 on are vulnerable to a potential buffer-overflow attack.

In its alert, Internet Security Systems says vulnerable E-mail systems could experience, if attacked, everything from extremely low performance to "complete unresponsiveness." Data integrity of incoming and outgoing E-mail could also be compromised, it warns. If exploited, a lot of Internet communication could be disrupted, including emergency services and telecommunication systems worldwide.

Sendmail is pervasive and the vulnerability can be exploited remotely. It can enable an attacker to gain root, or superuser, access, meaning the attacker could do anything to a vulnerable server that an administrator would be able to do. Security researchers say a hacker also could attack the vulnerability from within an E-mail message without having to know anything specific about the targeted system's configuration.

According to the alert, security applications such as firewalls and packet filters won't be able to protect users from attack against this vulnerability. It's estimated that up to 75% of all Internet E-mail traffic flows through systems that run Sendmail.

ISS says the software vulnerability occurs when Sendmail uses a Simple Mail Transfer Protocol transaction and attempts to evaluate whether E-mail addresses, or lists of addresses, within the "To," "From," and "cc:" fields are valid.

Sendmail Inc. and the Sendmail Consortium say Sendmail 8.12.8, which contains a fix for this critical vulnerability, is available. Users are urged to upgrade to this latest version or apply patches to older versions, which are available at http://www.sendmail.org/.

"SMTP is the foundation for Internet E-mail," says Pete Lindstrom, research director at Spire Security. "If you haven't already begun doing so, now is a good time to begin hardening these systems."
