[PLUG] Sendmail Vulnerability

Ed Sawicki ed at alcpress.com
Mon Mar 3 11:47:01 UTC 2003 

An increasing number of my customers are no longer
using sendmail. It seems that Postfix has become the
new standard for email on *nix. It's included with
many Linux distributions though not necessarily
installed by default as it is on, say, UnitedLinux.

I'm co-authoring a book on Email right now that makes
the assumption that Postfix is the standard, though
it does mention that Exim and qmail are also fine
servers. Sendmail is covered minimally - as one would
cover a legacy product. I'm doing the server-side
portion of the book and my co-author is doing the
client-side. Our tech reviewer is the author of a
well-known mail client.

I'd be pleased to hear what you think are the most
confusing email concepts or issues, so I can be sure
I'm doing justice to the subject in the book.

Ed


On Mon, 2003-03-03 at 10:32, Schlosser, Ryan wrote:
> Subject: [VulnWatch] ISS Security Brief: Remote Sendmail Header Processing
> Vulnerability
> 
> - -----BEGIN PGP SIGNED MESSAGE-----
> 
> Internet Security Systems Security Brief
> March 3, 2002
> 
> Remote Sendmail Header Processing Vulnerability
> 
> Synopsis:
> 
> ISS X-Force has discovered a buffer overflow vulnerability in the Sendmail
> Mail Transfer Agent (MTA). Sendmail is the most common MTA and has been
> documented to handle between 50% and 75% of all Internet email traffic.
> 
> Impact:
> 
> Attackers may remotely exploit this vulnerability to gain "root" or
> superuser
> control of any vulnerable Sendmail server. Sendmail and all other email
> servers are typically exposed to the Internet in order to send and receive
> Internet email. Vulnerable Sendmail servers will not be protected by legacy
> security devices such as firewalls and/or packet filters. This vulnerability
> is especially dangerous because the exploit can be delivered within an email
> message and the attacker doesn't need any specific knowledge of the target
> to
> launch a successful attack. 
> 
> Affected Versions:
> 
> Sendmail versions from 5.79 to 8.12.7 are vulnerable
> 
> Note: The affected versions of Sendmail commercial, Sendmail open source
> running on all platforms are known to be vulnerable.
> 
> For the complete ISS X-Force Security Advisory, please visit: 
> http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
> 
> ______
> 
> About Internet Security Systems (ISS)
> Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
> pioneer and world leader in software and services that protect critical
> online resources from an ever-changing spectrum of threats and misuse.
> Internet Security Systems is headquartered in Atlanta, GA, with
> additional operations throughout the Americas, Asia, Australia, Europe
> and the Middle East.
> 
> Copyright (c) 2003 Internet Security Systems, Inc. All rights reserved
> worldwide.
> 
> Permission is hereby granted for the electronic redistribution of this
> document. It is not to be edited or altered in any way without the
> express written consent of the Internet Security Systems X-Force. If
> you wish to reprint the whole or any part of this document in any other
> medium excluding electronic media, please email xforce at iss.net for
> permission. 
> 
> Disclaimer: The information within this paper may change without notice.
> Use of this information constitutes acceptance for use in an AS IS
> condition. There are NO warranties, implied or otherwise, with regard to
> this information or its use. Any use of this information is at the
> user's risk. In no event shall the author/distributor (Internet Security
> Systems X-Force) be held liable for any damages whatsoever arising out
> of or in connection with the use or spread of this information.
> X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
> as well as at http://www.iss.net/security_center/sensitive.php
> Please send suggestions, updates, and comments to: X-Force
> xforce at iss.net of Internet Security Systems, Inc.
> 
> - -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBPmOIRDRfJiV99eG9AQGOoAQAsW+F+O6i+tsKs6MCyUcBhZ1J83VgGcRU
> /qSQD68RlVBBD7+MDmjdr+eewu3a2wOAeBxFKRne3F/xijoqx6BV70iR5hwcZ1ZE
> RqyoluWYvkBOPnPvkoufTjuQvEWwTgZsf98JnjGbn/kIHPD2CUnz86CTEVSvJvlT
> wacUckcEhiA=
> =HFwX
> - -----END PGP SIGNATURE-----
> 
> ------- End of Forwarded Message
> 
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
-- 
Ed Sawicki <ed at alcpress.com>
ALC

More information about the PLUG mailing list