CERT recently issued an advisory on the sendmail remote buffer overflow, and it looks very serious. Apparently, it can provide remote root access, doesn't leave any log entries for successful exploits, and because it's content-based, even mail servers "protected" behind invulnerable relays are still not safe.
A working exploit was released less than 24 hours later, and this underscores what the smart people in security say: "presume that all vulnerabilities are exploitable - don't wait for the public announcement". This is a very nasty vulnerability - run, don't walk, to take care of this.
Now might be a great time to migrate to a better mail server, such as QMail or (my favorite) Postfix. I've been spending the last day performing sendmail-to-Postfix migrations, and it's gone surprisingly smoothly. That we can also add SpamAssassin to the mix as a Postfix content filter is an added bonus.
But even those sticking with sendmail must patch this immediately.
Posted by Steve at March 05, 2003 11:36 AM