Sendmail suffers security hole
A flaw has been discovered in the open source Sendmail Server software, the most commonly used mail transfer agent (MTA) on the Internet, commonly employed by large organisations to route and deliver email.
Sendmail.org has already issued an update, in the form of Sendmail 8.13.6, which addresses the vulnerability discovered by Mark Dowd of ISS X-Force, a security company. Sendmail urges all users of Sendmail 8 to upgrade to this version.
Patches are also available, and customers of commercial versions supplied by Sendmail.com are advised to read its advisory. The ISS X-Force advisory on this vulnerability can be found at xforce.iss.net/xforce/alerts/id/216.
‘Due to its high popularity and extensive deployment throughout the Internet, this vulnerability represents a serious risk to organisations that rely upon Sendmail for email services,’ said Gunter Ollmann, Director of ISS X-Force. ‘Since SMTP is one of the few listening services allowed consistently through perimeter firewalls, we expect that many attackers will focus their efforts on developing techniques to exploit the vulnerability in order to gain entry into corporate and government networks.’
It is believed that by carefully timing the transmission of malicious data, a remote attacker could corrupt stack memory and gain control of an affected sendmail MTA process, without requiring any user interaction.
The technical detail is that a signal handler race condition exists, which allows attackers to ‘execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations’.
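
The class of bug described above can be shown with a small constructed model. This is an added example, not Sendmail's code or the vendor's patch: the `outbuf` structure, the function names and the use of `raise()` to stand in for a timer expiring at the worst moment are all assumptions made for illustration. It contrasts a timeout handler that jumps out of interrupted code with one that only sets a flag.

```c
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <string.h>

struct outbuf { char data[16]; size_t used; };   /* hypothetical buffer */

static sigjmp_buf timeout_env;
static volatile sig_atomic_t timed_out;

/* Risky pattern: the handler abandons whatever code it interrupted. */
static void on_timeout_jump(int sig) { (void)sig; siglongjmp(timeout_env, 1); }

/* Safer pattern: the handler only records that the timeout fired. */
static void on_timeout_flag(int sig) { (void)sig; timed_out = 1; }

static void install(void (*handler)(int)) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = handler;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGALRM, &sa, NULL);
}

/* Two-step update; raise() stands in for a timer expiring between the steps. */
static void append(struct outbuf *b, const char *s, size_t n) {
    b->used += n;                          /* step 1: bookkeeping */
    raise(SIGALRM);                        /* constructed worst-case timing */
    memcpy(b->data + b->used - n, s, n);   /* step 2: the bytes themselves */
}

/* Returns 1 if the buffer's length and contents still agree after the timeout. */
int consistent_after_timeout(int use_jump) {
    static struct outbuf b;                /* static: survives siglongjmp intact */
    memset(&b, 0, sizeof b);
    timed_out = 0;
    install(use_jump ? on_timeout_jump : on_timeout_flag);
    if (sigsetjmp(timeout_env, 1) == 0)
        append(&b, "EHLO", 4);
    /* With the jump handler we arrive here with step 2 never executed. */
    return b.used == strlen(b.data);
}

/* Lets the caller act on the timeout at a point where state is consistent. */
int timeout_seen(void) { return timed_out; }
```

With the jump handler the recorded length and the stored bytes disagree after the timeout; with the flag handler the update completes and the caller checks `timeout_seen()` afterwards.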