Security Firm Caulks Sendmail Exploit

By Clint Boulton
Posted Mar 24, 2006


Security experts this week found a flaw in Sendmail's server software that will allow an attacker to hijack a user's personal computer and view sensitive information. Sendmail has plugged the hole, which allows a perpetrator to take control of computers.

Sendmail Mail Transfer Agent (MTA) is an SMTP server used on mail gateways to route and shuttle e-mail. It is offered as an open source Linux product and in commercial Unix versions: the new flaw affects both.

Internet Security Systems said today the Sendmail exploit is a signal race vulnerability caused by the mishandling of asynchronous signals. By forcing the SMTP server to time out at a specific instant, an attacker can run malicious code and expose, delete, or modify programs and data on the system; disrupt e-mail delivery; and view confidential documents.

Because Sendmail starts a new process for each connected computer, attackers can exploit it on any machine connected to Sendmail.

Sendmail said it is not aware of any public exploit code for this vulnerability.

Sendmail.org has since plugged the hole in the latest open source version, 8.13.6, which may be accessed here. It is also offering patches for 8.13.5 and 8.12.11.

Sendmail.com is offering fixes for Unix systems that may be affected here.

Sendmail has had its share of exploits pop up in the past. In 2003, the Sendmail Consortium updated its popular open-source MTA to plug a security problem in header parsing. That flaw was also discovered by ISS.

This article was originally published on internetnews.com.
