Not that this is concerned with any network equipment or network
operations per say, but I'm sure that alot of you do run sendmail.
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Brief
March 3, 2002
Remote Sendmail Header Processing Vulnerability
Synopsis:
ISS X-Force has discovered a buffer overflow vulnerability in the
Sendmail
Mail Transfer Agent (MTA). Sendmail is the most common MTA and has been
documented to handle between 50% and 75% of all Internet email traffic.
Impact:
Attackers may remotely exploit this vulnerability to gain "root" or
superuser
control of any vulnerable Sendmail server. Sendmail and all other email
servers are typically exposed to the Internet in order to send and
receive
Internet email. Vulnerable Sendmail servers will not be protected by
legacy
security devices such as firewalls and/or packet filters. This
vulnerability
is especially dangerous because the exploit can be delivered within an
email
message and the attacker doesn't need any specific knowledge of the
target to
launch a successful attack.
Affected Versions:
Sendmail versions from 5.79 to 8.12.7 are vulnerable
Note: The affected versions of Sendmail commercial, Sendmail open source
running on all platforms are known to be vulnerable.
For the complete ISS X-Force Security Advisory, please visit:
http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950