Jack Writes: Internet Security Systems announced that its X-Force research and development team has discovered a serious vulnerability in Sendmail SMTP server software. Sendmail is the most popular mail transfer agent (MTA) on the Internet and is used extensively by large corporations and government agencies to route and deliver email.
In order to exploit this vulnerability, an attacker simply needs to be able to connect to the Sendmail SMTP server over a network. Exploitation of this vulnerability could allow remote attackers to take complete control of affected machines and obtain full access to users' emails, confidential information and other sensitive data on the network.
Sendmail is primarily used in UNIX server environments, although various Windows versions also exist. It is the default MTA for many operating systems. By carefully timing the transmission of malicious data targeting this vulnerability, it is possible for a remote attacker to gain control of the affected system without requiring any user interaction.
By protecting against vulnerabilities rather than known exploits, ISS keeps organizations ahead of Internet threats. Through a multi-layered security approach, ISS' Proventia(R) security products and services provide organizations with comprehensive protection for IT assets from network to host. ISS' Virtual Patch(TM) technology automatically protects organizations from Internet attacks until they are able to obtain, test and apply patches from affected vendors.
The ISS X-Force advisory on this vulnerability can be found here.