Sendmail Vulnerability Threatens E-Mail Servers | eWeek

Sendmail Vulnerability Threatens E-Mail Servers

Written By
Matt Hines
Matt Hines
Mar 23, 2006
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

A significant vulnerability has been discovered in the Sendmail open-source e-mail application that could allow attackers to take over control of any devices running the affected software.

The flaw, first reported by security researchers at Atlanta-based Internet Security Systems, is present in Sendmails e-mail server software and could be exploited by someone sending malicious data to a computer running the software at specific time intervals, ISS said.

If exploited in such a manner by an outsider, the flaw could allow the attacker to corrupt the applications memory and gain control of the device.

Sendmail Consortium, which oversees development of non-commercial versions of the e-mail software, released an updated version of the application that includes a security patch meant to fix the flaw.

The group cautioned all users of the Sendmail 8 version of the product to move to the new iteration, Version 8.13.6.

/zimages/2/28571.gifClick hereto read about e-mail security offerings from SonicWall.

Users of Version 8.12.11 can apply the patch separately, but Sendmail Consortium said the fix would not work with earlier versions and indicated that the update could cause those versions to malfunction.

The affected e-mail server software is a descendant of the original ARPAnet delivermail application and remains one of the most popular forms of MTA (mail transfer agent) used in the world. Sendmail Consortium contends that its Web server platform currently handles roughly 70 percent of the worlds e-mail traffic.

/zimages/2/84833.gifIs outsourcing e-mail security right for your organization? Ziff Davis Media eSeminars invites you to learn about the security and management challenges facing e-mail technology implementers and decision makers from Tumbleweed on March 28 at 2 p.m. ET.

Sendmail Inc., which markets commercial versions of the software, said the flaw affected its Sendmail Switch, Managed MTA, Multi-Switch v 3.1.7 and earlier versions, and its Sentrion 1.1 appliance. The glitch also affects its Advanced Message Server, Message Store v 2.2 and Intelligent Quarantine 3.0 applications.

Researchers said that once an attacker gains control of a machine harboring the vulnerability, it is possible that the attacker could then infiltrate a corporate network the exploited computer is connected to. ISS noted that the attacker would not need to trick the computers user in any way to take advantage of the flaw.

/zimages/2/28571.gifCheck out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.