New computer network vulnerability

4 March 2003

AusCERT (Australian Computer Emergency Response Team), Australia’s national computer security response team, based at The University of Queensland, today warned about a new computer network vulnerability in the Sendmail program which could pose a serious security threat to numerous networks on the Internet.

Sendmail is a widely used open source electronic mail application, available in freeware and vendor-supported versions, which distributes email to and from network hosts and is available for both UNIX and Windows platforms.

A number of issues make this vulnerability more serious than most other software vulnerabilities which also allow attackers to gain remote privileged access to vulnerable network machines.

“This vulnerability is particularly interesting because it has the magic combination of impacting a service that is in widespread business use, publicly accessible and deemed an essential service resulting in the ability to control aspects of the computer’s functionality,” said Robert Mead, AusCERT’s coordination centre manager.

“Once a Sendmail server is compromised, it will allow an attacker to execute commands potentially giving the attacker access to other parts of the network to the level permitted by the Sendmail server.”

Because the vulnerability relates to the content of email messages, an organisation could still be vulnerable to attack even if its main (perimeter) mail handling programs are not vulnerable, until it has patched all mail handling programs on the inside of its network. All but small organisations will have many mail handling programs.

For an organisation to be protected from external remote attack, it needs to have a patched version of Sendmail at its network perimeter or ensure that perimeter mail servers that are not vulnerable (e.g. other than Sendmail) will not pass harmful email messages. For an organisation to be properly protected, it needs to ensure all Sendmail servers in its network are patched; for some organisations this could mean patching more than 50 servers.

“We currently are unaware of any automated tool that exists that would allow hackers to exploit these vulnerabilities. However, as with most computer vulnerabilities it is usually only a matter of time before a hacker works out how to write a program that will exploit these vulnerabilities and shares their program with the hacker community,” said Robert Mead.

“If a hacker writes and releases a worm exploit, as occurred with other software vulnerabilities, such as Slapper and Slammer, then it could result in rapid and mass compromises of networks.”

AusCERT has issued an advisory about the Sendmail vulnerability which is available on our web site with further details of what organisations need to protect their systems.

AusCERT released its warning immediately following the public release of information about this vulnerability by ISS X-Force and CERT/CC in the USA.

Information about this problem can be found on AusCERT’s web site, www.auscert.org.au.

Media enquiries should be directed to Jan King, Office of Media Communications on 3365 1120.
