ertes
06.03.03, 03:58
A group of four Polish hackers published code to an
open security mailing list on Tuesday that can take
advantage of a major vulnerability in the Sendmail mail
server.
The code, released less than a day after the Sendmail
flaw's public announcement, allows an attacker to
remotely exploit a Red Hat or Slackware Linux computer
running a vulnerable version of the mail server, the
group--known as the Last Stage of Delirium--stated in
the analysis that accompanied the code.
While the limited number of platforms affected by the
program seems to be good news, the group warned that
its quick analysis might have missed other ways of
exploiting the problem.
The LSD group--whose four members claim to be
graduates of the Poznan University of Technology--say
that releasing such code enhances the community's
overall security.
"We do believe that open and free information is the
best for improving security," the group said in its
e-mail to CNET News.com. "In our opinion, publishing
the details is the only way to...determine the impact.
The lack of appropriate information on the issue can
be...even more damaging."
