Thursday, March 23, 2006

Sendmail Critical Vulnerability

The new version of Sendmail, 8.13.6, corrects a critical vulnerability that could allow an attacker to gain control of affected systems and access the email messages in the mailboxes hosted on the server.

Sendmail is one of the most popular MTAs (Mail Transfer Agents) and is widely used on Internet mail servers, especially in UNIX environments, although there is also a version for Windows.

The vulnerability has been detected in version 8, or more precisely, in versions prior to 8.13.6.

This problem would allow an attacker to run arbitrary code and totally compromise affected servers.

Sendmail versions for Windows are not vulnerable.

The Sendmail Consortium urges all users to upgrade to Sendmail 8.13.6.

If this is not possible, specific patches to correct the vulnerability in versions 8.12 and 8.13 are also available.
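To sort hosts by the version boundaries given above, the following added example (not part of the original advisory or of Sendmail itself) classifies a version string as fixed, covered by the 8.12/8.13 patches, or needing a full upgrade. The function names and result labels are assumptions made for this example, and the check reads only the version string, so it cannot tell whether a patch has already been applied.

```sh
#!/bin/sh
# Added example: triage Sendmail versions against the advisory's boundaries.
# Typical use on a UNIX host:  sendmail -d0.1 -bv root | extract_version

# Read `sendmail -d0.1 -bv root` output on stdin and print the number from
# its "Version x.y.z" line.
extract_version() {
    sed -n 's/^Version \([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Print one of: fixed | patch-or-upgrade | upgrade | unknown
classify_version() {
    # Require at least major.minor.patch before splitting.
    case "$1" in
        *.*.*) ;;
        *) echo unknown; return 0 ;;
    esac
    sm_major=${1%%.*}; sm_rest=${1#*.}
    sm_minor=${sm_rest%%.*}; sm_rest=${sm_rest#*.}
    sm_patch=${sm_rest%%.*}
    # Reject empty or non-numeric components instead of guessing.
    for sm_part in "$sm_major" "$sm_minor" "$sm_patch"; do
        case "$sm_part" in
            ''|*[!0-9]*) echo unknown; return 0 ;;
        esac
    done
    # The advisory only covers version 8.
    if [ "$sm_major" -ne 8 ]; then
        echo unknown
    elif [ "$sm_minor" -gt 13 ] ||
         { [ "$sm_minor" -eq 13 ] && [ "$sm_patch" -ge 6 ]; }; then
        echo fixed                 # 8.13.6 or later
    elif [ "$sm_minor" -eq 12 ] || [ "$sm_minor" -eq 13 ]; then
        echo patch-or-upgrade      # 8.12.x, or 8.13.x before 8.13.6
    else
        echo upgrade               # older 8.x: no patch is mentioned
    fi
}

# Constructed sample versions, for illustration only.
for v in 8.11.7 8.12.11 8.13.5 8.13.6; do
    printf '%s -> %s\n' "$v" "$(classify_version "$v")"
done
```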

More information about the vulnerability, upgrade and patches is available in the original advisory at: http://www.sendmail.org/8.13.6.html