Computerworld - Less than 24 hours after security vendors and the government issued public warnings about a new vulnerability in the sendmail mail transfer agentsoftware (see story), researchers discovered that exploit code had already been posted on a hacker Web site.
Although the exploit code was characterized as proof-of-concept code that specifically targets only the Slackware Linux Version 8.0 implementation of sendmail, Dan Ingevaldson, team leader of X-Force research and development at Atlanta-based Internet Security Systems Inc., said analysis of the code shows that it works.
"This is the kind of thing that we always assume will happen," said Ingevaldson, referring to the development of exploit code to take advantage of a publicized vulnerability. However, in this case, a Russian hacker Web site run by a group of self-proclaimed security experts located in Nizhny Novgorod, Russia, actually produced the exploit and posted it on the Web.
"We always assume they are working on the exploit and that they have it. But in this case, they made it a little easier for us to assess that," said Ingevaldson.
Ingevaldson said there are no indications yet of any widespread use of the exploit code.
"We're assuming that hackers are testing it and are looking for unpatched systems," he said. "Fortunately, this code doesn't look as robust as some of the other exploits that have been exposed recently. I don't know that the risk right now is immediate, but the risk has definitely increased."
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
