Threat Level: green Handler on Duty: Richard Porter

SANS ISC: Sendmail vuln - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Sendmail vuln
Sendmail has released an advisory related to a vulnerability in
all versions of sendmail 8 previous to 8.13.6 of this popular MTA.
The advisory includes the commercial versions of products using sendmail.

http://www.sendmail.com/company/advisory/
and it has CVE entry CVE-2006-0058

Impact: the attacker could run arbitrary commands.

Mitigation: upgrade to 8.13.6, apply the patch, or setting the RunAsUser option in the configuration file.
This one looks bad.

Update: as more information becomes available this is starting too look worse.
Patch or upgrade NOW!

Cheers,
Adrien

Adrien de Beaupre

353 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!