ALARM Group ALERT
Alert Number: 032206-01
Alert Date: 03/22/06
Alert Title: Race Condition Vulnerability in Sendmail
Update-to: None
OS/Platform/Application: Sendmail versions prior to 8.13.6.
Category: ALERT
Severity: HIGH
Attention: System Administrators of platforms running Sendmail
Summary: A race condition may allow a remote attacker to execute arbitrary code with the privileges of the Sendmail process. If Sendmail is running as root, this could allow complete system compromise.
Recommended Actions: Upgrade to Sendmail version 8.13.6, or apply patches for versions 8.12.11 or 8.13.5.
ITS Actions: ITS is applying the necessary patches to systems under its direct control.
Resources:
US-CERT Technical Cyber Security Alert TA06-081A:
http://www.us-cert.gov/cas/techalerts/TA06-081A.html
Sendmail.org:
http://www.sendmail.org/
ISS X-Force Advisory:
http://xforce.iss.net/xforce/xfdb/24584