A new buffer overflow flaw has been detected in popular e-mail transfer application Sendmail that could allow an attacker to run any code he or she chooses, according to CERT/CC.
The security advisory group said the vulnerability affects systems running open-source Sendmail versions before 8.12.10, including both UNIX and Linux systems, as well as commercial releases of Sendmail such as Sendmail Switch, Sendmail Advanced Message Server (SAMS), and Sendmail for NT. The weakness lets a malicious user take control of the application's daemon, which typically runs as root.
The vulnerability lies in Sendmail's address parsing code. An error in the pre-scan function could allow an attacker to write past the end of a buffer, corrupting memory structures. The attacker may then be able to execute arbitrary code by way of an e-mail message.
CERT Internet security analyst Art Manion told internetnews.com the bug is severe because of how widely Sendmail is used in vendors' Unix and Linux infrastructure.
It mirrors a similar flaw discovered in March, but CERT said this flaw is different because the point of attack starts with the "contents of a specially crafted email message rather than by lower-level network traffic."
"This is different from that flaw, but they are very, very similar in what they do," Manion said. "They both attack via an e-mail message sent to a vulnerable server. It's the same function and the same source code. This new flaw affects a higher layer within the e-mail message."
Manion said this particular flaw busts through the firewall undetected. In some respects, Manion said, it resembles an e-mail virus because the exploit lies in the e-mail message.
"Sendmail is widely deployed," said the analyst. "This is definitely a big concern of ours."
Why does it matter that the point of attack for the newly discovered flaw lies in the message rather than in the connection? Manion said this is important because an e-mail transfer agent that does not itself have the vulnerability may pass the malicious message along to other transfer agents that are protected only at the network level. Vulnerable Sendmail servers on the network therefore remain at risk even if the site's border transfer agent uses different software to send messages.
CERT is advising Sendmail users who rely on the aforementioned systems, whether Unix or Linux, to upgrade to a new version of Sendmail (8.12.10) or apply a patch for Sendmail versions 8.9.x through 8.12.9. In the meantime, the group recommends that users set the RunAsUser option to reduce the impact of this vulnerability.
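As an added illustration, not part of the original article, here is a small POSIX shell check that compares a Sendmail version string against the 8.12.10 fix described above and extracts the version from the line the Sendmail binary prints in debug mode. The `sendmail -d0.1 -bv root` invocation, its `Version x.y.z` output line, and the `confRUN_AS_USER` m4 macro are assumptions taken from general Sendmail documentation, not from the article.

```shell
#!/bin/sh
# Added example (not from the article): flag Sendmail installs older than the
# 8.12.10 release that CERT recommends upgrading to.

FIXED_VERSION="8.12.10"

# Return 0 (true) when version string $1 is older than 8.12.10, 1 when it is
# 8.12.10 or newer, 2 when no version was supplied.  Compares the three
# numeric components; awk's numeric coercion drops suffixes such as "p1".
sendmail_version_vulnerable() {
    [ -n "$1" ] || return 2
    awk -v v="$1" -v fixed="$FIXED_VERSION" 'BEGIN {
        n = split(v, a, ".");
        m = split(fixed, b, ".");
        for (i = 1; i <= 3; i++) {
            x = (i <= n) ? a[i] + 0 : 0;
            y = (i <= m) ? b[i] + 0 : 0;
            if (x < y) exit 0;   # older than the fixed release: vulnerable
            if (x > y) exit 1;   # newer than the fixed release
        }
        exit 1;                  # exactly the fixed release
    }'
}

# Pull "8.12.9" out of debug output on stdin.  Assumption: the binary prints a
# line beginning with "Version" when run as  sendmail -d0.1 -bv root </dev/null
extract_sendmail_version() {
    awk '/^Version/ { print $2; exit }'
}

# Mitigation the advisory mentions while patches are applied: run the daemon
# as an unprivileged user.  Assumed m4 form for sendmail.mc (regenerate
# sendmail.cf afterwards):
#     define(`confRUN_AS_USER', `smmsp')
# This limits what a successful exploit can do; it does not fix the overflow.

# Report on the locally installed binary, if there is one.
if command -v sendmail >/dev/null 2>&1; then
    ver=$(sendmail -d0.1 -bv root </dev/null 2>/dev/null | extract_sendmail_version)
    if sendmail_version_vulnerable "$ver"; then
        echo "sendmail $ver is older than $FIXED_VERSION: upgrade or patch"
    else
        echo "sendmail ${ver:-unknown}: not flagged by this version check"
    fi
fi
```

Commercial Sendmail products carry their own version numbers, so this check applies only to the open-source releases the advisory names.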
Vendors or groups who incorporate Sendmail are addressing the issue with patches. They include Debian, F5 Networks, IBM, NetBSD, Red Hat, The Sendmail Consortium, Sun Microsystems, and SuSE.
Sendmail has a history of flaws. Previous versions of Sendmail, which handles up to 75 percent of all Internet e-mail traffic, contained a buffer overflow flaw that could give an attacker 'root' or super-user access.