Posts

Showing posts from October, 2016

Sendmail Vulnerabilities and smad attack(sendmail accept dos).

Versions of sendmail prior to version 8.8.5 have a variety of vulnerabilities.  Older versions of sendmail may also run in DEBUG mode which could allow access from a malicious user. Impact Malicious users exploiting these vulnerabilities are able to gain unauthorized access, possibly even root access, to a target system. Background sendmail , first released circa 1983, is a mail router program, and was designed to route email between peers on a network and also to route mail between networks. Note that sendmail is a routing program, and not an application that an ordinary user would use to format and send messages. Instead, sendmail accepts formatted messages from an email program (such as Outlook Express, Eudora or Pegasus), and then sends them to the appropriate recipients. The message is sent using the Simple Mail Transfer Protocol (SMTP), which was designed to be a reliable and effective transport for mail messages. The Problems CVE 1999-0047