Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Sendmail is one of the most popular mail transfer agents on the internet, used extensively by large corporations and government agencies to route and deliver email.
The ISS X-Force team of security researchers said that in order to exploit this vulnerability, an attacker simply needs to be able to connect to the Sendmail SMTP server over a network. Exploitation of this vulnerability could allow remote attackers to take complete control of affected machines and obtain full access to users' emails, confidential information and other sensitive data.
By carefully timing the transmission of malicious data targeting this vulnerability, it is possible for a remote attacker to gain control of the affected system without requiring any user interaction.
"Due to its high popularity and extensive deployment throughout the internet, this vulnerability represents a serious risk to organizations that rely upon Sendmail for email services," said Gunter Ollmann, director of ISS X-Force. "Since SMTP is one of the few listening services allowed consistently through perimeter firewalls, we expect that many attackers will focus their efforts on developing techniques to exploit the vulnerability in order to gain entry into corporate and government networks."
Sendmail is primarily used in UNIX server environments, although various Windows versions also exist. A patch for this vulnerability is available from the Sendmail website.
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.