|
|
To print: Select File and then Print from your browser's menu
-------------------------------------------------------------- This story was printed from ZDNet Australia. --------------------------------------------------------------
|
Group warns of hacked Sendmail programs By Robert Lemos, Special to ZDNet October 10, 2002 URL: http://www.zdnet.com.au/news/security/soa/Group-warns-of-hacked-Sendmail-programs/0,130061744,120268951,00.htm
Some copies of a popular mail-server program are implanted with a back door that could allow access to Internet attackers, security experts have warned. A Computer Emergency Response Team (CERT) Coordination Center advisory said that illicit code added to the Sendmail package creates a back door when the program is compiled from its source code. Such a compromised program -- called a Trojan horse by security experts -- can leave networks exposed to attack and administrators unaware of the vulnerabilities. The source code files of Sendmail 8.12.6 were apparently modified as far back as 28 September, according to the advisory. The Sendmail Consortium removed file transfer protocol (FTP) access to the server on Sunday. A safe version of the file can still be downloaded via the Web. "If you download the Sendmail distribution you MUST verify the PGP signature," stated the consortium on its site. "Do NOT use Sendmail without verifying the integrity of the source code." The added code links to a specific server on the Internet, said CERT in its advisory. The security group also recommends that anyone who downloads Sendmail verify the file's integrity. Because only the act of compiling the file activates the hostile program code, restarting the Sendmail server seems to deactivate the backdoor.
Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved. |
