Security Advisories

FSC-2006-2: SendMail MTA security vulnerability

Description

A vulnerability in Sendmail may permit a specially crafted attack to take over the sendmail MTA process, allowing a remote user to execute commands and run arbitrary programs on the system.

Sendmail released a medium risk security advisory on March 22nd 2006. Both the X- and P-series F-Secure Messaging Security Gateway Appliances use Sendmail. The vulnerability may permit a specially crafted attack to take over the sendmail MTA process, allowing a remote user to execute commands and run arbitrary programs on the system.

Hotfixes are distributed automatically by the delivery system. Users of these products do not need to take any action. This means that virtually all affected systems will be patched automatically shortly after publication of this advisory.

This vulnerability is being tracked as CVE-2006-0058.

Affected Products

Risk Level: HIGH (Low/Medium/High/Critical)

  • F-Secure Messaging Security Gateway, X200 (3.1.0 or earlier)
  • F-Secure Messaging Security Gateway, P600 and P800 (3.2.4 or earlier)

Platforms

  • All supported platforms

Mitigating Factors

A fix for the problem has been distributed through the malware definition database update channel. This advisory only affects systems that, for some reason, are not updated automatically.

Date Issued: 2006-06-01
Last Updated: 2006-06-01

Get Support

For documentation and product support, visit our Support site.

Go Support

F-Secure Community

Give advice. Get advice. Share the knowledge on our free discussion forum.

Go Community