FSC-2006-2: Sendmail MTA Security Vulnerability
Brief Description
A vulnerability in Sendmail may permit a specially crafted attack to take over the sendmail MTA process, allowing a remote user to execute commands and run arbitrary programs on the system.
Sendmail released a medium-risk security advisory on March 22nd, 2006. Both the X- and P-series F-Secure Messaging Security Gateway Appliances use Sendmail and are affected by this vulnerability.
Hotfixes are distributed automatically by the delivery system. Users of these products do not need to take any action. This means that virtually all affected systems will be patched automatically shortly after publication of this advisory.
This vulnerability is being tracked as CVE-2006-0058.
Affected Platforms
All supported platforms
Risk Level: HIGH (Low/Medium/High/Critical)
Products
F-Secure Messaging Security Gateway, X200 (3.1.0 or earlier)
F-Secure Messaging Security Gateway, P600 and P800 (3.2.4 or earlier)
Mitigating Factors
A fix for the problem has been distributed through the malware definition database update channel. This advisory only affects systems that, for some reason, are not updated automatically.
Date Issued: 2006-06-01
Last Updated: 2006-06-01
2006 Security Advisories
- FSC-2006-6: OpenSSL Denial of Service Vulnerability (2006-11-29)
- FSC-2006-5: Deeply Nested Malformed MIME Denial of Service Attack (2006-07-14)
- FSC-2006-4: Scanning Bypass Vulnerability (2006-06-28)
- FSC-2006-3: Buffer overflow in Web Console of F-Secure Anti-Virus (2006-06-01)
- FSC-2006-2: Sendmail MTA Security Vulnerability (2006-03-28)
- FSC-2006-1: Code Execution Vulnerability in ZIP and RAR Archive Handling (2006-01-19)




