On Monday, March 3, it was announced that researchers from ISS (Internet Security Systems) had discovered a vulnerability in Sendmail. The vulnerability can be triggered remotely and allows an attacker to gain control of the Sendmail server.
Sendmail is estimated to handle 75% or more of the email traffic on the Internet. As a freely available, open source email server that comes packaged with most Unix and Linux platforms, Sendmail is very popular. Many Unix and Linux distributions enable Sendmail by default, so users may not even be aware that it is running.
The flaw is even more serious because firewalls, intrusion detection systems and other standard perimeter defenses won't stop it. By sending a specially crafted email message to a vulnerable Sendmail server, the attacker can take control of it.
Even Sendmail installations that don't accept connections from external sources can still be at risk. Any email server, even a non-Sendmail one, that does accept messages from external sources will pass a malicious message on to Sendmail installations inside.
While there is no known exploit spreading in the wild, Sendmail has successfully exploited this vulnerability in a lab environment. With such a large target, it is probably only a matter of time before someone writes a worm or other exploit to take advantage of this vulnerability.
Anyone running Unix or Linux should first check to see if they are running Sendmail. If it is on by default but you don't use it or don't need it on, simply disable or remove it. If you can't disable or remove it, you must download the latest version of Sendmail (8.12.8) or check to see if your vendor has put out a patch to address this issue.
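The version check described above can be scripted. The following is an added example, not code from Sendmail or ISS: it pulls the version out of an SMTP greeting banner or the output of `sendmail -d0.1 -bv root` and compares it numerically against 8.12.8. The function names and sample strings are constructed for illustration, and a vendor-patched build may still report an older number, so an "older" result means "confirm the vendor patch", not proof of exposure.

```shell
#!/bin/sh
# Added example: compare a reported Sendmail version with the fixed release
# named in the article. Function names are illustrative, not part of Sendmail.
FIXED="8.12.8"

# Extract the first "Sendmail X.Y.Z" or "Version X.Y.Z" token from the text.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '(Sendmail|Version) [0-9]+(\.[0-9]+)+' |
        head -n 1 | awk '{print $2}'
}

# Return 0 if dotted version $1 is older than $2. Fields are compared as
# numbers, so 8.9.3 < 8.12.8 and 8.12.10 > 8.12.8 (a string compare gets
# both of these wrong).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$x" = "$a" ]; then a=""; else a=${a#*.}; fi
        if [ "$y" = "$b" ]; then b=""; else b=${b#*.}; fi
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
    done
    return 1
}

# Classify one banner line or one line of version output.
classify() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then echo "unknown"; return 0; fi
    if version_lt "$v" "$FIXED"; then
        echo "older-than-fixed $v"      # upgrade, or confirm the vendor patch
    else
        echo "at-or-above-fixed $v"
    fi
}

# Constructed sample inputs (not captured from real hosts).
for s in \
    "220 mail.example.test ESMTP Sendmail 8.12.6/8.12.6; Mon, 3 Mar 2003 10:00:00 -0500" \
    "Version 8.12.8" \
    "Version 8.9.3" \
    "220 mx.example.test ESMTP ready"; do
    printf '%s\n  -> %s\n' "$s" "$(classify "$s")"
done
```

Run it against internal mail hosts as well as the gateway, since a relay in front of Sendmail passes the message through unchanged.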
