
SANS ISC: Sendmail vuln SANS ISC InfoSec Forums

Sendmail vuln
Sendmail has released an advisory for a vulnerability in this popular MTA
that affects all versions of sendmail 8 prior to 8.13.6.
The advisory also covers the commercial versions of products using sendmail.

http://www.sendmail.com/company/advisory/
The CVE entry is CVE-2006-0058.

Impact: the attacker could run arbitrary commands.

Mitigation: upgrade to 8.13.6, apply the patch, or set the RunAsUser option in the configuration file.
This one looks bad.

Update: as more information becomes available, this is starting to look worse.
Patch or upgrade NOW!

Cheers,
Adrien

Adrien de Beaupre

ISC Handler
Mar 22nd 2006
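
A quick host triage for the two checks in the mitigation line above, as an added example that is not part of the original diary or the sendmail advisory. The function names are hypothetical, the sample data is constructed, and treating a root RunAsUser value as "no mitigation" is an assumption of this sketch. On a real host, feed `parse_version` the output of `sendmail -d0.1 -bv root` and point `assess` at the active configuration file, typically `/etc/mail/sendmail.cf`.

```sh
#!/bin/sh
# Added example: triage one host against the advisory (upgrade or RunAsUser).

# Pull the version out of `sendmail -d0.1 -bv root` output read from stdin.
parse_version() {
    sed -n 's/^Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Return 0 if version $1 is a sendmail 8 release older than 8.13.6.
version_is_vulnerable() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    patch=${patch%%[!0-9]*}; patch=${patch:-0}   # "6Beta" -> 6
    [ "$major" -eq 8 ] || return 1               # advisory covers sendmail 8
    [ "$minor" -lt 13 ] && return 0
    [ "$minor" -eq 13 ] && [ "$patch" -lt 6 ] && return 0
    return 1
}

# Print the last active "O RunAsUser=" value in config file $1 (empty if none).
run_as_user() {
    sed -n 's/^O[[:space:]]*RunAsUser[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' "$1" | tail -n 1
}

# Print a verdict for version $1 and config file $2.
assess() {
    if ! version_is_vulnerable "$1"; then echo "not-affected"; return 0; fi
    user=$(run_as_user "$2")
    case "$user" in
        ""|root|root:*|0|0:*) echo "vulnerable" ;;   # assumption: root is no mitigation
        *) echo "mitigated-runasuser" ;;
    esac
}

# Constructed sample input, not taken from a real host.
sample_cf=$(mktemp)
printf '%s\n' '#O RunAsUser=sendmail' 'O RunAsUser=smmsp:smmsp' > "$sample_cf"
sample_out='Version 8.13.5
 Compiled with: DNSMAP LOG MATCHGECOS'
ver=$(printf '%s\n' "$sample_out" | parse_version)
echo "sendmail $ver: $(assess "$ver" "$sample_cf")"
rm -f "$sample_cf"
```

A "mitigated-runasuser" verdict only means the workaround is configured; the host should still be scheduled for the 8.13.6 upgrade or the patch.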
