Sendmail Remote Signal Handling Vulnerability

A serious flaw has been found in Sendmail that could allow an attacker to take control of the SMTP server running vulnerable version of the software. A remote attacker could send malicious data at certain time intervals, which can corrupt arbitrary stack memory and gain control of the Server.

This security hole affects all Linux and Unix versions of Sendmail 8 up to version 8.13.5. Microsoft Windows versions of Sendmail are not affected. Sendmail has released a new verion 8.13.6 to fix this problem and also patches for earlier versions are available at their FTP site.

If your server is running Sendmail, I highly recommend to patch it or upgrade it. It is the most popular MTA but unfortunately has a history of serious security problems. If possible I recommend to switch to other MTAs like Postfix, Exim or Qmail which are more modular in design and were built with security in mind. My personal favorite is Qmail and all of my SMTP servers are running it. I’d previously written a guide Email Server Installation Checklist which you might find helpful while installing a new server or switching from Sendmail to other softwares. If you want secure and out-of-the-box SMTP server then SME Server can be a good choice.

Be Sociable, Share!
Posted in Admin, Email, Linux/Unix, Security, Windows
One comment on “Sendmail Remote Signal Handling Vulnerability
  1. Your email communications should contain calls to action. Headline is very important to get people to opt in to your email list try different headlines to see how they
    convert. You may also need to update these softwares, as the companies may make changes to the
    software to provide more useful features. If your products have good
    potential for email marketing, then you should consider some efficient email marketing strategies.
    Writing a teaser-style subject line requires some creativity, and your content needs to deliver.

Leave a Reply

Your email address will not be published. Required fields are marked *


Recent Comments

FirstCandace on WinXP and OSX dual boot in MacBook Pro: I have noticed you don’t monetize your…(November 10, 2017, 11:32 pm)
From Wikipedia, the free encyclopedia – Ram Bahadur Bomjon on Buddha Boy attacked and injured a guy with his sword?: […] Niranjan (July 20, 2007). “Buddha Boy…(September 2, 2017, 5:07 pm)
Micle on How I Prepared and Passed CISSP : Nice Aritcle…(August 10, 2017, 8:51 am)
David on How I Prepared and Passed CISSP : I am very happy to read this…(August 10, 2017, 8:21 am)
95Russell on Simulating Cisco and Linux Networks: Hello blogger, i must say you have…(August 5, 2017, 8:30 pm)