Sendmail exploit released, FYI

Don Benesch dbenesch at
Sat Mar 8 08:33:15 EST 2003

By Keith Regan
Computer experts warned that a Sendmail vulnerability discovered by
Internet Security Systems (ISS) should be patched quickly, as there is
evidence hackers are working to exploit the flaw.

The buffer-overflow vulnerability in the Mail Transfer Agent (MTA) of
widely used Sendmail makes it possible for a hacker to gain control of
mail servers.

The Computer Emergency Response Team (CERT) published an advisory Monday,
urging that patches made available from Sendmail Inc. and others be

CERT analyst Jeff Havrilla says reports from "reliable sources" indicate
code is circulating that could lead to a widespread exploitation of the

The vulnerability has the distinction of being the first to be vetted by
the US Department of Homeland Security, says Dan Ingevaldson, team leader of
X-Force R&D at ISS. Coordination with Homeland Security enabled key
industries to receive advance notice as well.

"We felt this issue was important and critical enough to take it a step
further," says Ingevaldson, who found the flaw last December. "All
indications were no one else knew at the time."

While some fear more Sendmail flaws remain undiscovered, Ingevaldson says
what matters most is how quickly patches are applied.

Havrilla agrees. "It's a race," he says. "Intruders are actively seeking
to exploit this flaw."

More information about the linux mailing list