Goedzo?! NiMS Forum Nieuw onderwerp  Reageer
mijn profiel | leden lijst inloggen | registreer | zoek | faq | forum home

  volgend oudste onderwerp   volgende nieuwste onderwerp
»
» Mijn recente berichten « | » De actieve onderwerpen van vandaag «
Goedzo?! NiMS Forum » Actueel » Veiligheid » CERT waarschuwt voor kritieke fout in Sendmail

 - UBBFriend: Email deze pagina naar iemand!    
Auteur Onderwerp: CERT waarschuwt voor kritieke fout in Sendmail
NiMS
Links of rechts?


Beoordeeld:
4
Icoon 1 geplaatst      Profiel voor NiMS   Homepage     Stuur een nieuw prive bericht       Bewerk/Verwijder bericht   Reageer met Quotes 
Het Sendmail Consortium heeft in verband met een kritisch veiligheidsprobleem een nieuwe versie uitgebracht van de gelijknamige mailsoftware. In oudere versies van Sendmail kan een aanvaller via een mailtje rechten verkrijgen op het systeem. In de header van het mailtje zal dan speciale code zijn opgenomen die gebruik maakt van het lek. Met een succesvolle aanval kunnen de rechten van het account waaronder de Sendmail daemon draait verkregen worden: in de meeste gevallen is dit het zogenaamde administrator account "root". Omdat er op e-mailniveau misbruik gemaakt kan worden van deze bug is het veiligheidslek extra gevaarlijk. Een firewall of packetfilter bied geen afdoende bescherming want de e-mail wordt gewoon doorgestuurd naar de ontvangende server achter de firewall:

Sendmail.org logoResearchers found the vulnerability to be message-oriented, as opposed to connection-oriented, which means it is triggered by the content of a "specially-crafted email message rather than by lower-level network traffic." "This is important because an MTA that does not contain the vulnerability will pass the malicious message along to other MTAs that may be protected at the network level. In other words, vulnerable Sendmail servers on the interior of a network are still at risk, even if the site's border MTA uses software other than Sendmail," CERT/CC warned.

Ongeveer 75 procent van al het e-mailverkeer verloopt via oudere en kwetsbare versies van Sendmail. Iedereen wordt geadviseerd om de net uitgebrachte 8.12.8 te installeren of gebruik te maken van een van de patches voor oudere versies. Hier en hier is meer informatie te vinden.

(tweakers)

--------------------
People are like pieces of a puzzle. We all fit together, but not all of us connect.

Berichten: 6985 | Plaats: Zeist | Geregistreerd: Jul 2002  |  IP: Gelogd | Rapporteer dit bericht aan een Moderator
NiMS
Links of rechts?


Beoordeeld:
4
Icoon 1 geplaatst      Profiel voor NiMS   Homepage     Stuur een nieuw prive bericht       Bewerk/Verwijder bericht   Reageer met Quotes 
A critical security flaw in the internet's most widely-used email relay program, Sendmail, has sparked a worldwide race to patch servers before malicious hackers can mount attacks.

Public disclosure of the flaw was deliberately delayed to give those running critical infrastructure in the US, such as power companies, and foreign governments time to secure their systems. It is the first time such a delay is known to have been imposed.

The newly found flaw could be used to crash corporate email systems, eavesdrop on email and launch massive distributed attacks against other computers. It could also be used to spread a computer worm with the potential to cause widespread disruption, experts warn.

The flaw is in the way Sendmail checks the data contained in email and means a hacker could gain complete control of the system. "This vulnerability is especially dangerous because [an attack] can be delivered within an email message," says the warning issued by the US company that discovered the bug, Internet Security Systems. "And the attacker doesn't need any specific knowledge of the target to be successful."

Some analysts predict that a worm designed to attack un-patched machines could be released within weeks, emphasising the need for administrators to patch their computer systems quickly.

The flaw was first discovered by ISS in December 2002. The company then worked with the US Directorate of Information Analysis and Infrastructure Protection, part of the Department of Homeland Security, to develop a patch. This was released to critical US infrastructure companies and foreign governments before the vulnerability was publicly disclosed on Monday.

Sendmail takes email messages once they have been sent by the client program (e.g. Outlook, Eudora) to the email server and forwards them on to their destinations. It is very widely installed and relays between 50 and 75 per cent of the world's email.

The bug is therefore more common than those exploited by both the most troublesome internet worms of the last two years, Slammer and Code Red. These infected many thousands of computer systems, shutting down corporate networks and causing widespread and costly disruption to internet services.

Phil Huggins, a UK-based security consultant, says worm writers may already know how to make use of the flaw. "It's incredibly serious," he told New Scientist: "There's been a lot of discussion on the defensive side about how this bug works and how it can be fixed. If they've worked out how it works, then you know the bad guys have too."

An alert issued by US computer security company TruSecure to customers echoes this concern. "TruSecure is aware that known malicious coders currently have exploit code to work from," the message reads. "We expect simple exploits in the near term, and more complex exploits including mail-based worms shortly thereafter."

Huggins says most large companies are likely to patch their main email servers quickly. But he says other important non-email systems may have Sendmail installed by default and may be overlooked. Smaller companies are most likely to neglect security patches, Huggins says.

The danger posed may be lessened by the fact that Sendmail runs on a wide variety of operating systems. This makes it more difficult to create a worm that would spread between different machines, experts say.

--------------------
People are like pieces of a puzzle. We all fit together, but not all of us connect.

Berichten: 6985 | Plaats: Zeist | Geregistreerd: Jul 2002  |  IP: Gelogd | Rapporteer dit bericht aan een Moderator
   

Snelle Reactie
Bericht:

HTML staat uit.
UBB Code™ staat uit.

Kant en klare Graemlins
   


     » Mijn recente berichten « | » De actieve onderwerpen van vandaag «
Nieuw onderwerp  Reageer Sluit Onderwerp   Feature Onderwerp   Verplaats onderwerp   Verwijder onderwerp volgend oudste onderwerp   volgende nieuwste onderwerp
 - Printer-versie van dit onderwerp
Spring naar:


Neem contact met ons op | Nims home

Copyright 2004 Ni-Frith Media Systems

Powered by Infopop Corporation
UBB.classic™ 6.7.0
Vertaald door NiMS