"Researchers this week identified vulnerabilities in two commonly used open-source software products. The more serious of the vulnerabilities affects Sendmail, an open-source program for managing e-mail. The vulnerability lies in the way the e-mail server software parses e-mail headers, according to Dan Ingevaldson, engineering manager for Internet Security Systems in Atlanta," reports CNet.
Comment: Yet another hole in Sendmail, the program implicated in the worst malware disaster ever to hit the Internet -- the Robert Morris worm, back in the late 1980s. If Sendmail had been a Microsoft product, they'd have fixed it a decade ago. Because there's a free version bundled with your average distro, this bit of security holeware continues to dominate the net, while the open source community remains embarrassingly unable to fix it.
Some recent highlights:
CERT Advisory CA-2003-25 Buffer Overflow in Sendmail Original issue date: September 18, 2003
CERT Advisory CA-2003-12 Buffer Overflow in Sendmail Original release date: March 29, 2003
CERT Advisory CA-2003-07 Remote Buffer Overflow in Sendmail Original release date: March 3, 2003
CERT Advisory CA-2002-28 Trojan Horse Sendmail Distribution Original release date: October 08, 2002
