The Haus

Tuesday, March 4, 2003

Sendmail Buffer Overflow

A rather nasty buffer overflow has been discovered in Sendmail, the program used to carry the vast majority of email. It is possible for a malformed email to give a cracker root access. Patches are available from all the standard Linux distributions. Apparently even the Office of Homeland Security got involved in keeping everything quiet and coordinating efforts to produce a patch. No exploits have been seen in the wild, but you can bet that there will be some. Get patching!

Is it just me or is Sendmail the Outlook of the free software world?

The Master comments: This patch was finally my reason to learn the m4 configuration system for sendmail. While it is all rather obtuse, in the end it works very well for configuring sendmail, which is more than I can say for the tools I was using.

The Master comments: I should probably also comment on the sendmail security issues A.T. is alluding to. I think much of the trouble with sendmail stems from the administrators of sendmail. This is EXACTLY equivalent to the problems in the Microsoft world with IIS and Exchange. Some of the problems with mail-relay that existed in sendmail were equivalent to the problems with Exchange 5.0 allowing relay. The configuration of sendmail is EXTREMELY difficult, and any small mistake can make you the preferred relay of choice for spammers everywhere. Then, there are those who run sendmail or IIS or whatever on their home PCs, because they are ignorant of the repercussions. It all comes down to the people who own the systems that are exposed to the internet.


All original information on this website is copyright © TheHaus.Net, 1999-2005. The use of original images, text, and/or code from this website without expressed written consent is prohibited. The authors of this site cannot be held responsible for any damage, real or imagined, which comes from the use of information presented on this site. All trademarks used are the properties of their respective owners. This site is not to be used as a floatation device (but if you try, I want a video tape of it).