Skip the navigation

Sendmail exploit code posted on hacker site

By Dan Verton
March 4, 2003 12:00 PM ET

Computerworld - Less than 24 hours after security vendors and the government issued public warnings about a new vulnerability in the sendmail mail transfer agentsoftware (see story), researchers discovered that exploit code had already been posted on a hacker Web site.
Although the exploit code was characterized as proof-of-concept code that specifically targets only the Slackware Linux Version 8.0 implementation of sendmail, Dan Ingevaldson, team leader of X-Force research and development at Atlanta-based Internet Security Systems Inc., said analysis of the code shows that it works.
"This is the kind of thing that we always assume will happen," said Ingevaldson, referring to the development of exploit code to take advantage of a publicized vulnerability. However, in this case, a Russian hacker Web site run by a group of self-proclaimed security experts located in Nizhny Novgorod, Russia, actually produced the exploit and posted it on the Web.
"We always assume they are working on the exploit and that they have it. But in this case, they made it a little easier for us to assess that," said Ingevaldson.
Ingevaldson said there are no indications yet of any widespread use of the exploit code.
"We're assuming that hackers are testing it and are looking for unpatched systems," he said. "Fortunately, this code doesn't look as robust as some of the other exploits that have been exposed recently. I don't know that the risk right now is immediate, but the risk has definitely increased."




Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.



Our Commenting Policies