Sendmail vulnerability exposed

Users of the popular Linux and Unix server email software Sendmail are being urged to patch their systems, as some most recent versions of the software contain a vulnerability which could give attackers administrator access to the machine.

Although an attacker would need to get command line access to the system, a multitude of companies, such as ISPs or universities that provide shell access to accounts, are at high risk.

By sending a maliciously crafted command to the server, a hacker could gain administrator control of the machine.

The vulnerability is present in Sendmail open source versions between 8.11.0 and 8.11.5.

The bug has apparently been corrected in 8.11.6, but Sendmail warned that 8.12.0.Beta users should upgrade to 8.12.0.Beta19.

Sendmail has been an integral part of Unix server applications for well over a decade now and is often bundled with most Linux distributions too. The fact that it is open source has possibly added to its prevalence.

A number of Linux vendors, such as SuSE and Conectiva, have already released fixes for their particular flavour of the OS.

To Sendmail's credit, though, this is the first bug to be found in the application since 1997.

More info can be found here.