Sendmail MTA Installed

2001-06-25T00:00:00
ID OSVDB:3120
Type osvdb
Reporter OSVDB
Modified 2001-06-25T00:00:00

Description

Vulnerability Description

Sendmail is one of the oldest Mail Transfer Agents used on the Internet. Sendmail is the most popular mail server software responsible for sending and receiving e-mail on Unix systems. Due to its widespread use and long history of vulnerabilities, it is a popular service to be attacked. These attacks range from denial of service, mail relay and remote command execution. Given Sendmail's age and installer base, it is easy for administrators to misconfigure servers or use incompatible configuration files which may open up servers to remote attack.

Solution Description

There are several measures an administrator can take to help ensure the security of a sendmail server:

  • Make sure your Sendmail software is running the latest version available.
  • Disable Sendmail on any server not acting as a Mail server. If you feel there may be a need, do not run it with the "-bd" switch (disable's daemon mode).
  • Ensure your sendmail configuration file doesn't allow any form of unauthorized mail relaying.
  • Before installing any version of sendmail, verify the PGP signature to ensure it is from a trusted source.

Short Description

Sendmail is one of the oldest Mail Transfer Agents used on the Internet. Sendmail is the most popular mail server software responsible for sending and receiving e-mail on Unix systems. Due to its widespread use and long history of vulnerabilities, it is a popular service to be attacked. These attacks range from denial of service, mail relay and remote command execution. Given Sendmail's age and installer base, it is easy for administrators to misconfigure servers or use incompatible configuration files which may open up servers to remote attack.

References:

Vendor Specific Solution URL: http://www.sendmail.org/current-release.html Other Solution URL: http://www.sendmail.org/m4/security_notes.html Other Solution URL: http://www.sendmail.org/secure-install.html Keyword: SANS Top 20 2003 Unix Issue #06 Keyword: SANS Top 20 2001 Unix Issue #02 Keyword: SANS Top 20 2000 General Issue #05 Keyword: SANS Top 20 2002 Unix Issue #08 Generic Informational URL: http://www.sendmail.org/ Generic Informational URL: http://www.sans.org/top20/oct02.php#U8 Generic Informational URL: http://www.sans.org/top20/top20_oct01.php Generic Informational URL: http://www.sans.org/top20/top10.php Generic Informational URL: http://www.sans.org/top20/#u6 CERT: CA-2002-28 CERT: CA-2003-12 CERT: CA-2003-07 CERT: CA-2003-25