We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Critical Error

Sendmail flaw puts systems at risk, again

In what marks the second critical Sendmail flaw this month, systems running the commonly used email server software are at risk of hacker attacks because of a flaw in the way the program handles long email addresses.

Sendmail does not adequately check the length of email addresses, meaning an email message with a specially crafted address can trigger a stack overflow, potentially allowing an attacker to gain control of a vulnerable Sendmail server, the Cert (the Coordination Centre) warned in an advisory notice.

Sendmail servers that aren't directly connected to the internet are also at risk, since the vulnerability is triggered by the contents of a malicious email message that can be handed on from server to server.

Sendmail is the most commonly used MTA (mail transfer agent) and handles the majority of all internet email traffic, but many vendors are distributing vulnerable versions of the program.

Sendmail and the Sendmail Consortium urge users to upgrade to Sendmail 8.12.9 or apply a patch from their chosen vendor. The problem affects all versions of Sendmail Pro, all editions of open source Sendmail prior to 8.12.9, and several incarnations of Sendmail Switch and Sendmail for NT, according to Cert.

The email address parser flaw is the second "critical" bug in Sendmail announced and patched this month. The earlier vulnerability occurred because of an error in a function that checks whether addresses in the email message header are valid. This could also allow an attacker to take over a Sendmail server, experts said.

IDG UK Sites

6 best gaming PCs 2015: What's the best gaming PC you can buy in the UK?

IDG UK Sites

Three of the most expensive Limited Edition games ever made: Who's buying a $1,000,000 game?

IDG UK Sites

The future of Microsoft Surface: What to expect from the Surface Pro 4

IDG UK Sites

Best Mac: Apple Mac buyers guide for 2015: iMac, MacBook, MacBook Air, MacBook Pro, Mac mini and...