
SANS ISC: Sendmail vuln SANS ISC InfoSec Forums

Sendmail vuln
Sendmail has released an advisory about a vulnerability in
all versions of sendmail 8 prior to 8.13.6 of this popular MTA.
The advisory also covers the commercial versions of products using sendmail.

Advisory: http://www.sendmail.com/company/advisory/
CVE entry: CVE-2006-0058

Impact: the attacker could run arbitrary commands.

Mitigation: upgrade to 8.13.6, apply the patch, or set the RunAsUser option in the configuration file.
This one looks bad.

Update: as more information becomes available, this is starting to look worse.
Patch or upgrade NOW!

Cheers,
Adrien


Adrien de Beaupre

ISC Handler
Mar 22nd 2006
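
A triage check for the version range and the RunAsUser mitigation named in the diary above, as an added example that is not part of the original post or of sendmail itself. The function names and sample inputs are constructed for illustration; it assumes the version text comes from `sendmail -d0.1 -bv root` or the SMTP greeting and the configuration text from sendmail.cf.

```python
import re

FIXED = (8, 13, 6)  # first fixed release named in the advisory

def parse_version(banner):
    """Return (major, minor, patch) from 'Version 8.x.y' or 'Sendmail 8.x.y'."""
    m = re.search(r"\b(?:Version|Sendmail)\s+(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(g) for g in m.groups()) if m else None

def run_as_user(cf_text):
    """Return the active RunAsUser value from sendmail.cf text, or None."""
    value = None
    for line in cf_text.splitlines():
        # Active options start with 'O'; '#O RunAsUser=...' is commented out.
        m = re.match(r"O\s+RunAsUser\s*=\s*(\S+)", line)
        if m:
            value = m.group(1)  # the last active setting is the one kept
    return value

def assess(banner, cf_text=""):
    """Classify one host against the advisory's stated range (8.x before 8.13.6)."""
    ver = parse_version(banner)
    if ver is None:
        return "unknown"
    if ver[0] != 8:
        return "outside advisory scope"
    if ver >= FIXED:
        return "fixed version"
    # Limitation: a source patch applied to an older release does not change
    # the reported version, so patched builds still land here and need a
    # manual check.
    user = run_as_user(cf_text)
    if user:
        return "affected version, RunAsUser=" + user
    return "affected version"

if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real host.
    samples = [
        ("Version 8.13.5\n Compiled with: DNSMAP LOG", "#O RunAsUser=sendmail\n"),
        ("220 mx.example.org ESMTP Sendmail 8.12.11/8.12.11; ...",
         "O RunAsUser=smmsp:smmsp\n"),
        ("Version 8.13.6", ""),
    ]
    for banner, cf in samples:
        print(assess(banner, cf))
```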
