Group warns of hacked Sendmail programs

10 October 2002 09:20 AM

Tags: hacker, hacking, flaw, hacked, bug, sendmail, program

Some copies of a popular mail-server program are implanted with a back door that could allow access to Internet attackers, security experts have warned.

A Computer Emergency Response Team (CERT) Coordination Center advisory said that illicit code added to the Sendmail package creates a back door when the program is compiled from its source code. Such a compromised program -- called a Trojan horse by security experts -- can leave networks exposed to attack and administrators unaware of the vulnerabilities.

The source code files of Sendmail 8.12.6 were apparently modified as far back as 28 September, according to the advisory. The Sendmail Consortium removed file transfer protocol (FTP) access to the server on Sunday. A safe version of the file can still be downloaded via the Web.

"If you download the Sendmail distribution you MUST verify the PGP signature," stated the consortium on its site. "Do NOT use Sendmail without verifying the integrity of the source code."

The added code links to a specific server on the Internet, said CERT in its advisory. The security group also recommends that anyone who downloads Sendmail verify the file's integrity.

Because only the act of compiling the file activates the hostile program code, restarting the Sendmail server seems to deactivate the backdoor.

Talkback (0)
Print
E-mail
Share
- del.icio.us
- Digg
- Reddit
- Slashdot
- StumbleUpon

Talkback 0 comments

Be the first to comment on this article!

Latest Videos

Play now

Microsoft slams Google on privacy
Google's approach to privacy is a decade behind Microsoft, the Redmond software giant's chief privacy strategi… Watch it now
iiNet to offer mobile phone service?
Naked DSL is too difficult to buy: iiNet
VoIP no longer a 'geeky' product: iiNet
More videos »

Blogs

MyPerfect.com.au has potential
Victorian Web start-up My Perfect has a strong story and rationale for why it will succeed. But it has to overcome some challenges and design flaws first.
Storage infrastructure on the tender track
For a large-scale storage project, it's not uncommon to go out to tender for the best deal — but when was the last time you had to put together a tender for a document management room?
Apple has killed the video store; will ISPs be next?
The Olympics are nearly over, and the Australian team deserves kudos for an excellent performance all around. Yet even as the Olympic sun sets on the Bird's Nest for the last time this weekend, millions of spectators around the world will be scanning their dials in the hope of finding something else to fill their viewing hours.
More blogs »

Hot Spot - What's Important

Driving Business Growth Through Enterprise IT Management
Dig deeper by clicking here »

Achieve continuous availability with high performance NonStop blade technology

Looking to buy a printer? Our superguide rates the latest printers and shines a light into the industry.

When chief information officers and other technology managers talk about their priorities, security is always high on the list.

Reader Services

Essentials

Superguide: Printers
Looking to buy a printer? Our superguide rates the latest printers and shines a light into the industry.
And The Best Smartphone is...
Wondering which Smartphone is the best? Click here to see our verdict.
Security superguide
When chief information officers and other technology managers talk about their priorities, security is always high on the list.
Storage and server superguide
Over the last decade the art of maintaining the datacentre of a large organisation has evolved into an art form.
Broadband speedtest
How fast is your Internet connection? Calculate the speed here.

Group warns of hacked Sendmail programs