Security Advisories

FSC-2006-2: SENDMAIL MTA SECURITY VULNERABILITY

Description

A vulnerability in Sendmail may permit a specially crafted attack to take over the sendmail MTA process, allowing a remote user to execute commands and run arbitrary programs on the system.

Sendmail released a medium risk security advisory on March 22nd 2006. Both the X- and P-series F-Secure Messaging Security Gateway Appliances use Sendmail. The vulnerability may permit a specially crafted attack to take over the sendmail MTA process, allowing a remote user to execute commands and run arbitrary programs on the system.

Hotfixes are distributed automatically by the delivery system. Users of these products do not need to take any action. This means that virtually all affected systems will be patched automatically shortly after publication of this advisory.

This vulnerability is being tracked as CVE-2006-0058.

Affected Products


Risk Level: HIGH (Low/Medium/High/Critical)

  • F-Secure Messaging Security Gateway, X200 (3.1.0 or earlier)
  • F-Secure Messaging Security Gateway, P600 and P800 (3.2.4 or earlier)

 

Platforms

All supported platforms

 

Mitigating Factors

A fix for the problem has been distributed through the malware definition database update channel. This advisory only affects systems that, for some reason, are not updated automatically.

 

Date Issued: 2006-06-01
Last Updated: 2006-06-01

Get
Support

For documentation and product support,
visit our support site.

Learn More

F-Secure Community

Give advice. Get advice. Share the knowledge
on our free discussion forum.

Visit Now