Sendmail Remote Signal Handling Vulnerability

A serious flaw has been found in Sendmail that could allow an attacker to take control of the SMTP server running vulnerable version of the software. A remote attacker could send malicious data at certain time intervals, which can corrupt arbitrary stack memory and gain control of the Server.

This security hole affects all Linux and Unix versions of Sendmail 8 up to version 8.13.5. Microsoft Windows versions of Sendmail are not affected. Sendmail has released a new verion 8.13.6 to fix this problem and also patches for earlier versions are available at their FTP site.

If your server is running Sendmail, I highly recommend to patch it or upgrade it. It is the most popular MTA but unfortunately has a history of serious security problems. If possible I recommend to switch to other MTAs like Postfix, Exim or Qmail which are more modular in design and were built with security in mind. My personal favorite is Qmail and all of my SMTP servers are running it. I’d previously written a guide Email Server Installation Checklist which you might find helpful while installing a new server or switching from Sendmail to other softwares. If you want secure and out-of-the-box SMTP server then SME Server can be a good choice.

Be Sociable, Share!
Posted in Admin, Email, Linux/Unix, Security, Windows
One comment on “Sendmail Remote Signal Handling Vulnerability
  1. Your email communications should contain calls to action. Headline is very important to get people to opt in to your email list try different headlines to see how they
    convert. You may also need to update these softwares, as the companies may make changes to the
    software to provide more useful features. If your products have good
    potential for email marketing, then you should consider some efficient email marketing strategies.
    Writing a teaser-style subject line requires some creativity, and your content needs to deliver.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Recent Comments

The light of Asia on Meeting Buddha Boy: DeAnna, what are you taking about? What…(March 30, 2017, 5:27 pm)
The light of Asia on Meeting Buddha Boy: Religious person don’t rape their disciple or…(March 30, 2017, 5:03 pm)
DeAnna on Meeting Buddha Boy: Whether he did or didn’t hurt someone…(February 16, 2017, 1:55 am)
http://www./ on iPhone first impression: They are mostly scams. If they require…(November 25, 2016, 10:29 am)
fifa4joy on Donate to my Mo, save a Mo Bro: You’ve gotten impressive knowlwdge these…(November 1, 2016, 11:06 am)