Sendmail Vulnerability

I really hope to get some more articles about web development posted soon, but so much time is spent keeping up to date on systems and servers that sometimes the articles get put on the back burner. Anyway, all systems administrators should be aware by now that as of yesterday morning their Sendmail-based mail servers were vulnerable. This is a pretty serious exploit which would give total control over the server to the attacker. Sendmail is software that is bundled with almost all Unix and Linux operating systems. Some estimates place Sendmail on 72% of all Internet mail servers.
Internet Security Systems Inc. is the company that discovered the vulnerability and has helped coordinate the response.
This information was released yesterday:
http://www.sans.org/webcasts/030303.php (A free archive of the webcast is available; sign-up is required. It’s pretty cool if you want to hear the guys who discovered and developed fixes for these security issues. Bonus information about hardening your mail server is included.)
http://www.nipc.gov specifically http://www.nipc.gov/warnings/advisories/2003.htm
Sendmail has both an Open Source, free product and a commercial product.
What’s up with that?
Interestingly enough, as of this posting the Department of Homeland Security has not recognized this as a threat. This is presumably more about getting the information posted than an actual shortcoming in their threat assessment process. We searched the site for ‘sendmail’ and ‘Sendmail’. All the operating system vendors we checked had updates or patches available on their web sites.
