By Anne Broache, CNET News.com
Published on ZDNet News: March 22, 2006, 12:51 PM PT
A serious flaw exists in certain versions of the popular Sendmail open-source and commercial e-mail software, but fixes are available, researchers said Wednesday.
The vulnerability, which was reported by Mark Dowd at Internet Security Systems, could allow a remote attacker to take control of a PC. To do this, the intruder would send arbitrary code at carefully crafted time intervals to the SMTP mail server, according to alerts from security providers ISS and FrSirt.
An attack could interfere with or intercept mail delivery, permit the intruder to tamper with other programs and data on the vulnerable system, and potentially provide access to other systems on the affected machine's network.
Enter to win* a free holiday tech gift!
CNET's giving five lucky winners the gift of their choice valued up to $250!