Patch released for critical Sendmail flaw

A vulnerability in the mail server software potentially allows attackers to take control of servers
Written by Staff , Contributor
A critical vulnerability has been found in Sendmail, the most widely used mail server software.

The vulnerability allows attackers to take control of servers using Sendmail, which is commonly used on Linux, Unix and BSD systems.

The discovery and subsequent disclosure of the security flaw comes one day after serious security problems in the OpenSSH secure shell server software were disclosed. Unlike that discovery, there has been little talk of the vulnerability being exploited prior to the issue of the new Sendmail release.

It's the third time this year that a serious vulnerability has been found in Sendmail software, and the second reported by Michal Zalewski, the researcher that posted the most recent bug.

The earlier bug was found by Internet Security Systems in early March.

Users can upgrade to version 8.12.10, which is not affected by the glitch, or apply a patch.

Editorial standards