F-Secure
Tools
Security Advisory FSC-2006-2
Sendmail MTA security vulnerability
| Date issued | 2006-03-28 |
|---|---|
| Last updated | 2006-03-28 |
| Risk factor | High (Low/Medium/High/Critical) |
| Brief description | A vulnerability in Sendmail may permit a specially crafted attack to take over the sendmail MTA process, allowing a remote user to execute commands and run arbitrary programs on the system. |
| Software | F-Secure Messaging Security Gateway, X200 F-Secure Messaging Security Gateway, P600 and P800 |
| Affected versions | 3.1.0 or earlier 3.2.4 or earlier |
| Affected platforms | F-Secure Messaging Security Gateway, X200 F-Secure Messaging Security Gateway, P600 and P800 |
| Advisory location | http://www.f-secure.com/security/fsc-2006-2.shtml |
| Issue | Sendmail released a medium risk security advisory on March 22nd 2006. The Sendmail Advisory is located at http://www.sendmail.com/company/advisory/. Both the X- and P-series F-Secure Messaging Security Gateway Appliances use Sendmail. The vulnerability may permit a specially crafted attack to take over the sendmail MTA process, allowing a remote user to execute commands and run arbitrary programs on the system. Hotfixes are distributed automatically by the delivery system. Users of these products do not need to take any action. This means that virtually all affected systems will be patched automatically shortly after publication of this advisory. This vulnerability is being tracked as CVE-2006-0058 and can be found at http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058. |
| Revision history | FSC-2006-2 / 2006-03-23 |
Contact information:
Support: http://www.f-secure.com/en_EMEA/support/