FSC-2006-2: SENDMAIL MTA SECURITY VULNERABILITY
DescriptionA vulnerability in Sendmail may permit a specially crafted attack to take over the sendmail MTA process, allowing a remote user to execute commands and run arbitrary programs on the system.
Sendmail released a medium risk security advisory on March 22nd 2006. Both the X- and P-series F-Secure Messaging Security Gateway Appliances use Sendmail. The vulnerability may permit a specially crafted attack to take over the sendmail MTA process, allowing a remote user to execute commands and run arbitrary programs on the system.
Hotfixes are distributed automatically by the delivery system. Users of these products do not need to take any action. This means that virtually all affected systems will be patched automatically shortly after publication of this advisory.
This vulnerability is being tracked as CVE-2006-0058.
Risk Level: HIGH (Low/Medium/High/Critical)
- F-Secure Messaging Security Gateway, X200 (3.1.0 or earlier)
- F-Secure Messaging Security Gateway, P600 and P800 (3.2.4 or earlier)
PlatformsAll supported platforms
A fix for the problem has been distributed through the malware definition database update channel. This advisory only affects systems that, for some reason, are not updated automatically.
Date Issued: 2006-06-01
Last Updated: 2006-06-01