Sendmail flaw makes email vulnerable to hackers
By Alun Williams
Posted on 4 Mar 2003 at 17:48
The security software company Internet Security Systems (ISS) has discovered a security flaw in the most popular program for managing Internet email traffic. The buffer overflow vulnerability affects the well-established Sendmail program.
ISS states that Sendmail handles between 50 per cent and 75 per cent of all Internet email traffic. Versions 5.79 to 8.12.7 of the program are vulnerable.
The flaw - which involves x86 architecture systems - allows an attacker to gain remote control of a Sendmail server and act as a superuser. The problem is particularly serious, claims ISS, as the Internet-facing Sendmail will not be protected by firewalls or packet filtering. The exploit can be delivered within an email message. ISS also warns that exploiting the vulnerability will not leave a trace in the log files.
The vulnerability relates to incomplete checking of address fields within emails. A remote attacker can send an email with a specially crafted 'From' field, for example, to trigger the buffer overflow.
You can read the full ISS advisory here. As well as a full technical description of the problem, the advisory includes assessment checks to identify vulnerable systems.
Sendmail urges all users to upgrade to Sendmail 8.12.8 or apply a patch for 8.12.x. More information can be found on the Sendmail websites: sendmail.org for Open Source versions and Sendmail.com for commercial versions.
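For administrators taking stock of their own mail servers, the version range and remediation advice above can be turned into a simple triage of recorded SMTP greeting lines. This is an added example, not code from ISS, Sendmail or the original article; it assumes the default Sendmail greeting format, and the hostnames and banners are constructed samples.

```python
import re

# Range stated in the article: 5.79 through 8.12.7 are vulnerable, 8.12.8 is fixed.
FIRST_VULN = (5, 79)
LAST_VULN = (8, 12, 7)

# Assumed default greeting (binary version first, then config file version):
#   220 host ESMTP Sendmail 8.12.7/8.12.7; Tue, 4 Mar 2003 17:48:00 GMT
BANNER_RE = re.compile(r"^220[ -].*?\bSendmail\s+(\d+(?:\.\d+)+)", re.IGNORECASE)

# Constructed sample greetings, keyed by constructed hostnames.
SAMPLE_BANNERS = {
    "mx1.example.com": "220 mx1.example.com ESMTP Sendmail 8.12.7/8.12.7; Tue, 4 Mar 2003 17:48:00 GMT",
    "mx2.example.com": "220 mx2.example.com ESMTP Sendmail 8.12.8/8.12.8; Tue, 4 Mar 2003 17:48:01 GMT",
    "old.example.com": "220 old.example.com ESMTP Sendmail 8.9.3/8.9.3; Tue, 4 Mar 2003 17:48:02 GMT",
    "relay.example.com": "220 relay.example.com ESMTP ready",
}


def parse_version(banner):
    """Return the advertised binary version as a tuple of ints, or None."""
    m = BANNER_RE.search(banner.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def classify(banner):
    """Map one SMTP greeting line to an action for the inventory report."""
    version = parse_version(banner)
    if version is None:
        return "unknown"           # version hidden or not Sendmail: check the host itself
    if version < FIRST_VULN or version > LAST_VULN:
        return "outside-range"
    if version[:2] == (8, 12):
        return "upgrade-or-patch"  # article: a patch is offered for 8.12.x
    return "upgrade"               # older branches: move to 8.12.8


def triage(banners):
    """Classify every host in a {hostname: greeting} mapping."""
    return {host: classify(line) for host, line in banners.items()}


if __name__ == "__main__":
    for host, action in sorted(triage(SAMPLE_BANNERS).items()):
        print(f"{host:20} {action}")
```

Greeting text can be changed or hidden by the administrator and does not confirm that a patch has been applied, so treat the result as a first pass and verify the installed binary on each host.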
